[XAP][Source] Webserver v0.6.0 (File uploads)

Search This thread

GoodDayToDie

Inactive Recognized Developer
Jan 20, 2011
6,066
2,933
Seattle
That's an IPv6 address, it means either that your network doesn't offer IPv4, or that the app grabbed the wrong address for some reason (incidentally, you can probably still connect to it on the usual address). If it's the latter, restarting the app (wait a few seconds before starting it again) should fix things. I guarantee you I didn't touch that part of the code at all.
 

AlvinPhilemon

Senior Member
Oct 6, 2011
330
193
That's an IPv6 address, it means either that your network doesn't offer IPv4, or that the app grabbed the wrong address for some reason (incidentally, you can probably still connect to it on the usual address). If it's the latter, restarting the app (wait a few seconds before starting it again) should fix things. I guarantee you I didn't touch that part of the code at all.

fixed the issue by disabling IPv6 on my network
 

acquariusoft

Senior Member
May 23, 2006
802
395
Hi,

your project is very interesting. You are working to implement file upload? If you are working on it i can test your code and also try to help you to develop this function that i really need :D

Another problem, if i press restart server in your example without change port i obtain an error.

Tnx for your work!!!
 
Last edited:

hyyz17200

Member
Mar 13, 2012
43
25
30
Nantong,Jiangsu
Modifications (uploading or editing files, creating, deleting, or changing registry keys or values) are currently not supported. They will be "soon" although my personal testing suggests that basically the whole registry, and most of the file system, is off-limits for writing. Interestingly, I can *read* most of the registry, including stuff that I probably shouldn't be able to.

What does this mean? Is there any hope about "writing" something? So that we can get the whole root access?
But then you said your testing shows off-limits for writing?

Anyway, thanks! :eek:
 

GoodDayToDie

Inactive Recognized Developer
Jan 20, 2011
6,066
2,933
Seattle
Once I (or somebody) gets full root access - currently, the only way to do that is through MTP (USB connection, not a user app so we can't control what it *does*) - then I will definitely implement modifications and uploading in the app, if I haven't already. I'd like to get them working soon, but it's relatively low priority next to working on the various unlock hacks (including trying to get "root"), exploring what I can do with the permissions that I have so far, and developing other apps that take advantage of those permissions. I'm working on it, though!

Currently, the only locations that the app can write to (using the standard capabilities) are its install folder and its data folder. That's not terribly exciting, so I didn't bother implementing file upload yet.
 

hyyz17200

Member
Mar 13, 2012
43
25
30
Nantong,Jiangsu
Once I (or somebody) gets full root access - currently, the only way to do that is through MTP (USB connection, not a user app so we can't control what it *does*) - then I will definitely implement modifications and uploading in the app, if I haven't already. I'd like to get them working soon, but it's relatively low priority next to working on the various unlock hacks (including trying to get "root"), exploring what I can do with the permissions that I have so far, and developing other apps that take advantage of those permissions. I'm working on it, though!

Currently, the only locations that the app can write to (using the standard capabilities) are its install folder and its data folder. That's not terribly exciting, so I didn't bother implementing file upload yet.

I know the MTP connection, its full control by the phone system. It is really hard.
But how about hack the FFU firmware? Does it has digital certificate ? Otherwise maybe it's a way?


So far, thank you GoodDayToDie ! :good:
 

GoodDayToDie

Inactive Recognized Developer
Jan 20, 2011
6,066
2,933
Seattle
I would not expect much of the radio firmware to be available from the main OS; in modern smartphones all that stuff is kept separate so that a misbehavior in the OS can't interfere with towers or anything. With that said, some stuff may be reachable... I'll need to see if I can access other volumes (besides the mounted C: drive) but that will take some research.
 
  • Like
Reactions: hyyz17200

jessenic

Senior Member
Sep 9, 2010
479
315
What is the benefit on using FileSystem from NativeAccessLibraries over the stuff in System.IO?
 

GoodDayToDie

Inactive Recognized Developer
Jan 20, 2011
6,066
2,933
Seattle
Not much, right now. There's a few things that are easier to do from the nativefilesystem library, but mostly it's to lay a groundwork for future stuff that isn't (officially) supported/possible. For example, NativeFileSystem has the option of creating symbolic links (requires ID_CAP_BUILTIN_SYMBOLICLINK or similar, I forget the exact cap) which isn't supposed to be possible.
 
  • Like
Reactions: jessenic

GoodDayToDie

Inactive Recognized Developer
Jan 20, 2011
6,066
2,933
Seattle
Updated. New version has better formatting and supports additional registry types, with fewer bugs as well (or at least, with some old ones fixed).
 
  • Like
Reactions: sp4rt4n-i17

hjc4869

Senior Member
Jul 31, 2012
52
54
Wuhan
Not much, right now. There's a few things that are easier to do from the nativefilesystem library, but mostly it's to lay a groundwork for future stuff that isn't (officially) supported/possible. For example, NativeFileSystem has the option of creating symbolic links (requires ID_CAP_BUILTIN_SYMBOLICLINK or similar, I forget the exact cap) which isn't supposed to be possible.

I tried to create symbolic link.
it returned no error and it is created.
BUT you cannot access what's in it. Also due to the capabilities you can only create symbolic link to isolated storage and etc. So this way to access the file system might be useless.
 

GoodDayToDie

Inactive Recognized Developer
Jan 20, 2011
6,066
2,933
Seattle
That's... exactly the nature of symlinks.

A symlink is a file, much like any other. You can only create symlinks where you can create other files (app install folder, isolated storage folder, and any folders that you have special capabilities added to gain write access). You can create the symlink *pointing* to anywhere, but that doesn't override the permissions on the target; trying to read or write through the symlink uses the target's permissions (obviously, or they would be a massive security hole on desktop OSes as well).

As I said before, the only way that a symlink is likely to be exploitable security-wise is a time-of-check-to-time-of-use (TOCTOU) vulnerability. These happen when a privileged component tries to verify that it is reading or writing a path that it knows is safe even though another app could write there and mess with it (this part is the check) and then after confirming it to be correct the privileged process does access the file (the use). In between the check and the use, the attacker (our app) replaces the file or a folder in its path with a symlink pointing elsewhere - somewhere that the privileged process can read and/or write but we cannot. This type of attack, known as a "race condition" because you are racing to have your code execute in that tiny window between check and use (not all TOCTOU are race conditions, and not all race conditions are TOCTOU, but the most common TOCTOU exploits are races), was at one time very common on Unix/Linux/etc. but is not common on Windows.
 

GoodDayToDie

Inactive Recognized Developer
Jan 20, 2011
6,066
2,933
Seattle
New version, 0.4.9 posted. Should have fixed or at least greatly improved the performance and stability issues that were plaguing the app. Additionally, resume and port-changing now work as they should, and all registry types (including unknown/illegal ones) are now supported.
 

ngame

Senior Member
Mar 13, 2012
1,126
554
Mashad
New version, 0.4.9 posted. Should have fixed or at least greatly improved the performance and stability issues that were plaguing the app. Additionally, resume and port-changing now work as they should, and all registry types (including unknown/illegal ones) are now supported.

hi .
GoodDayToDie isn't it better that you try run app in the background ?
then we can access directly from Phone to registry and files via IE !

----------------------------------------------------------------------------------------------
Anyone knows why ?
my MaxUnsignedApp Registry Key today automatically decreased to 4! it was 10 .
but why ? :(
 
Last edited:

GoodDayToDie

Inactive Recognized Developer
Jan 20, 2011
6,066
2,933
Seattle
Trust me, that's on the roadmap. If the server was written in native code, I'd probably already have done it; native EXEs are easy to create and I could have it run in the background while the app controls it. It's probably possible to make an EXE out of managed code on WP8 too, but I'll need to work on that. Alternatively, I could make the server spoof itself as a navigation app or something similar that is permitted to run continuously in the background. That's probably easier, though it feels less "elegant" to me.
 
  • Like
Reactions: thals1992 and ngame

ngame

Senior Member
Mar 13, 2012
1,126
554
Mashad
Trust me, that's on the roadmap. If the server was written in native code, I'd probably already have done it; native EXEs are easy to create and I could have it run in the background while the app controls it. It's probably possible to make an EXE out of managed code on WP8 too, but I'll need to work on that. Alternatively, I could make the server spoof itself as a navigation app or something similar that is permitted to run continuously in the background. That's probably easier, though it feels less "elegant" to me.

you can use music player or location services to run it in bg as Mohsen-Unique do in his new test app and you mentioned to it.
but surely all of us trust you man.
 
Last edited:

GoodDayToDie

Inactive Recognized Developer
Jan 20, 2011
6,066
2,933
Seattle
Of those two, I'd probably use the location agent; streaming media agent has the advantage of giving me an accessible-from-anywhere control interface, but the disadvantage of not being able to play any media at the same time... Of course, using the location agent has its own problems (requiring continuously polling the GPS, which eats battery, and you can only have one such app running at a time). I suppose I can mitigate those to the extent possible (reduce GPS update frequency, for example), but I'd really use a "proper" background process. Anyhow, yeah, it's something I want to do at some point.
 
Last edited:
  • Like
Reactions: ngame

GoodDayToDie

Inactive Recognized Developer
Jan 20, 2011
6,066
2,933
Seattle
Well, you wanted it, you got it! Background mode comes to the WP8 webserver. See the first post for details and new downloads (minor version number bumped).

Merry Christmas Eve, I guess? Or appropriate winter-y just-past-the-solstice holiday.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 31
    Version Alpha 0.6.0 is now available
    I'm back! Not dead yet, I promise. This is actually a relatively small update in terms of user-facing features, with only one really big new thing - support for file uploading - but that's a lot bigger than it might sound. It's the first write support I've implemented in the server, and it also required some fairly massive updates to the HttpServer component (support for binary requests, for POST parameters, for MIME multipart parsing). These will be built upon in forthcoming versions to add support for things like registry editing, in-browser file viewing (possibly editing), and so on. There are also a large number of small fixes and improvements that I've made over the last two-weeks-shy-of-a-year, which should make the server faster, more robust, better able to support concurrent connections, and lighter on device resources. Finally, while the app still targets WP8.0 and should run on 8.0, it now is designed for 8.1 compatibility (especially the AllCapabilities version).

    Previous update (0.5.6): This version is mostly bug fixes and UI changes. The biggest changes are: clearer display of weird registry data types, the server now consumes fewer threads (it used to spawn them with wild abandon) and does faster string compares, the app version is now shown on the phone, error pages are now better, if you launch the app without a WiFi IP address it'll offer to take you to the WiFi settings page, connections are no longer closed as soon as the app starts sending a response, and the server now defaults to using the Connection: keep-alive header, with a two-minute timeout. The last change, combined with the second-to-last, should hopefully both do away with the tendency to have the app fail to display a page. However, I shouldn't have *needed* to switch it to "keep-alive" - using "close" should have worked - but it still veeeery occasionally would kill the connection early. Agh. Anyhow, this is better in the meantime.

    DevDB offers me a support / Q&A thread. Please use that thread to ask questions; don't PM me unless it needs to be kept private for some reason!


    ISSUES ON WP8.1:
    • It *should* work to deploy the app with "Application Deployment", but if you have a problem try deploying with "Windows Phone Application Deployment 8.1" instead.
    • Problems have been reported in the past when the app is installed to the SD card. It's small, though; putting it on internal storage shouldn't be a problem.
    • RESOLVED The AllCapabilities version included a few capabilities that were present in 8.0 but removed in 8.1. Those capabilities have been removed; the AllCapabilities version now deploys and runs on capability-unlocked WP8.1 phones.

    IN CASE OF OTHER ISSUES: Please provide a *detailed* error report - what phone and OS version you have, what hacks you've installed, what Webserver version you're running, what you do to get the error to occur, and exactly *what* occurs - and I'll fix it as soon as I can! There's a DevDB section for posting bug reports, and you can also use CodePlex if you want.

    I finally implemented file upload! I'll work on getting more stuff like that (file delete, possibly file rename/move/copy, various registry edits), hopefully soon! I also hope to add support for different areas, like an "Applications" path, a "Processes" path, a "Services" path... eventually. Many of those are really hard without good privileges. I'm also looking at moving the server to a background process and making the app just a control UI for it, adding support for authentication and/or HTTPS, adding some stylesheets to the web UI, adding caching, and much more. I did finally implement Connection header support.

    Once again, the XAP is published twice. One is a fairly standard XAP that any phone can sideload, and the second has many exotic capabilities to enable viewing of (and writing to) slightly more of the file system and registry. The standard XAP has had its list of capabilities expanded to pretty much all of them that can be used without interop-unlock. The high-capability variant requires not just interop-unlock, but the additional capability-unlock hack available in the interop-unlock thread. The AllCapabilities version now works with WP8.1; sorry for the long delay on that!

    An item of note: the AllCapabilities version (or either version, on WP8.1) can open other drives in the file system. On phones with an SD card, it is mounted at D: and you can browse it as normal. Credit to @hjc4869 for this discovery!

    DESCRIPTION: This is a simple webserver app which can enumerate those files that are in folders readable from the sandbox, can download and upload (access permitting) files, can browse the registry, and can display the contents of registry values of any type. It runs on WP8.x (not yet tested on W10M). It is a spiritual successor to the Functional Webserver / WebServer (Mango) projects from WP7. This version is still missing a lot of functionality as I decided to implement it from scratch, but it is advancing swiftly. Note that there's no access controls implemented; use it on a public network only at your own risk!

    Instructions are simple: sideload the XAP, connect to WiFi (required), run the app (called "WebServer Native Access"), point a web browser (on a PC or phone that is also on that local network) to the URL that the app displays. You should get a basic index page. Click on a Filesystem or Registry link to begin browsing the phone. There's a textbox near the top of all filesystem pages, type in a path there (for example, "C:windows" with no quotes) and hit Enter or click Get Files. You'll see a list of the contents of that folder. Click on a file to download it or a directory to open it. There's also a box for uploading files, one at a time, to the current directory. Navigating the registry is similar, except you'll need to specify the registry hive and then the path from that hive (or no path, to access the root of the hive).

    As of v0.6.0, uploading files is finally supported! Other modifications (editing files, creating, deleting, or changing registry keys or values) are currently not supported. They will be "soon" although my personal testing suggests that basically the whole registry, and most of the file system, is off-limits for writing unless you use restricted capabilities.

    You might see an error code (error 5 is "ACCESS_DENIED", you'll see it a lot; I should replace it with an appropriate 403 or whatever). Or you might see a status 500 message because of an exception in the server. Or the server may just crash (hopefully not so often anymore...). I'm making it more resilient, but there are still bugs. Please report any previously-unreported issues you find, including how to reproduce them, and I'll fix them if possible.

    Also feel free to request features or changes; I'll implement them if reasonably possible. The app is a mixture of C++ and C# code; I could probably have done it all in one or the other but wanted to have a C++ component in case I ran into something that wasn't available in C#, and although it probably would have saved some time, I decided that hacking up a web server in C++ was maybe not the best idea.

    The source code is on Codeplex, at the following projects: https://wp8webserver.codeplex.com/ for the server and the app (C#) and https://wp8nativeaccess.codeplex.com/ for the native access wrappers (C++). You may have to fix up the reference paths to get the C# component to see the C++ component correctly. The code is reasonably well documented, but let me know if you have any questions. Permission to re-use the code or components is granted under the MS-PL (Microsoft Permissive License) as posted on Codeplex.

    Go forth and find cool stuff!

    Version history (see the git commit logs for more detail:
    07 July 2013 - 0.2.0: Initial release, FS only, 920 downloads (source: 652 downloads)
    14 July 2013 - 0.3.2: initial registry, HTTP server and web app encapsulation, source on Codeplex, 225 downloads
    0.3.3: bugfixes, 454 downloads
    0.4.2: basic registry values display, 86 downloads
    0.4.3: bugfixes, 326 downloads
    0.4.6: multistring registry values, bugfixes, updated libraries, first AllCapabilities version (950 downloads), 453 downloads
    25 Oct 2013 - 0.4.8: binary and long registry values, formatting and bugfixes, 451 downloads AllCaps, 201 normal
    22 Dec 2013 - 0.4.9: all registry value types, better threading, proper resume, remembers port, 97 downloads AllCaps, 53 normal
    24 Dec 2013 - 0.5.0: background operation using Location APIs. Downloads: 1011 AllCaps, 963 Normal
    20 Jul 2014 - 0.5.1: More capabilities, better navigation. Downloads: 358 AllCaps, 352 normal
    07 Aug 2014 - 0.5.3: .REG export, better traversal, bugfixes. Downloads as of 0.5.5 release: 260 AllCaps, 164 normal
    10 Oct 2014 - 0.5.5: Bugfixes and back-end work. Downloads as of 0.6.0 release: 140 AllCaps, 113 normal
    25 Oct 2014 - 0.5.6: Bugfixes and UI tweaks. Downloads as of 0.6.0 release: 1720 AllCaps, 1334 normal
    12 Oct 2015 - 0.6.0: Binary requests, file uploads, bugfixes.

    XDA:DevDB Information
    WebServer Native Access, Tool/Utility for the Windows Phone 8 General

    Contributors
    GoodDayToDie
    Source Code: https://wp8webserver.codeplex.com/


    Version Information
    Status: Alpha

    Created 2014-10-17
    Last Updated 2015-10-12
    6
    Not actually part of the webserver yet, but...

    Just added the skeleton of a Process library to the NativeAccess project. It gives the ability to create and delete processes (assuming that you have the permissions to the executable / process in question) and also to get the current process's ID and command line, plus get or set environment variables. It hasn't really been tested yet, but it's there...
    4
    I'm going to use this space to mention something that's pretty cool:
    J. Arturo of http://www.komodosoft.net is using a modified version of the HTTP server that powers this app in the ShareFolder app (http://www.windowsphone.com/s?appid=e2b9c82e-eaa1-4a3b-9d4a-8a2933a8bdb4) to support opening video files directly from Windows network shares! This was done to work around a limitation of the WP8 media control: it can only source from an isolated storage file or a HTTP URL. By running a server in the background and streaming the video file through it, and pointing the video player control at the localhost URL, it becomes possible to play the file on the phone without first copying it to the app's isolated storage. A very cool way to solve the problem! Also, reviewing the changes that were made to the network code of the server pointed me toward those threading fixes I made that have hopefully much improved version 0.4.9.
    Please note that the updated version of ShareFolder with this feature may not yet be available, although it should be soon. It is a commercial (paid) app, but the author sought and received permission to use my code (although the license does not require such permission be received).
    4
    New version, 0.4.9 posted. Should have fixed or at least greatly improved the performance and stability issues that were plaguing the app. Additionally, resume and port-changing now work as they should, and all registry types (including unknown/illegal ones) are now supported.
    3
    Meh, that's because I forgot to attach the XAP. You could have grabbed it from Codeplex, but... yeah. Fixed.
    EDIT: To be more clear, you could have grabbed the updated NativeAccess Registry class from CodePlex and recompiled the server against it... jeez, I was bad with this release. ALL FIXED NOW (I hope...)