
The WindowBreak Project

 
Jaxbot
(Last edited by Jaxbot; 26th December 2011 at 12:26 PM.)
#1

"What am I doing, why am I here, what is this about, and where am I going with this."

Hello all. After dealing with rumors, rumors of rumors, and the like, I've finally managed to disclose something I hold very dear to me: the WindowBreak project.
As the name suggests, this is a jailbreak project for Windows Phone 7. I started something a while back that had little success, but through the months, I've managed to figure out something that should bring light into the Windows Phone jailbreaking scene.

Real quick, though:
What this is: A project, with information about some interesting exploits I found, and a call for the community to dive in.
What this isn't: A full-fledged jailbreak. Please don't post replies such as "when will XXXX device be supported". It just wastes time, and I assure you, I want every device included.
It also is not a full unlock. Just interop.

The details
So here's the sitch. We all know how Heathcliff74's interop unlock works. XAP files are just ZIP files, and ZIP files can have entries that allow extracting in parent directories.
Interesting thing is, this can be done using the ZipView application, which normally stores data in \Application Data\Volatile\Zipview\<random id>
Thus, creating a directory in a ZIP file called ../../../../provxml will copy all those files into the \provxml\ folder upon extraction.
See what I did there?

Limitations
Of course, there are limitations.
1) We cannot extract into \Windows\. There's a policy that prevents it.
2) The bad one: We can only extract known MIME types, at least to my knowledge. This is because the files are only extracted when they are clicked on in ZipView. And clicking on a .dbz file, for example, will just say the file type is not supported. Bummer.

What we can do...
As mentioned above, this can be used for a fresh out of the box jailbreak for Samsung devices, using provxml. Here's a video of that:

Try it yourself: with a Samsung device, go to http://windowsphonehacker.com/windowbreak and press WindowBreak Me.

In theory, this would be all we need to jailbreak most Windows Phone devices. Unfortunately, Nokia and HTC devices block the registry entries in provisioning files. I'm not sure what the extent of this "whitelist" (or is it a blacklist?) is, and details/tests on this would be appreciated.


What needs to be done...

Nokia: I don't have a Nokia device, but I've been working a great deal on figuring out how to crack its shell, and have a couple of ideas. If I'm able to get my hands on a Nokia device soon, I'll try some of these unorthodox exploits out, otherwise I'll need some daring volunteers.

HTC: I do have an HTC device, but I can't figure out how to extract the files for the Connection Setup program. If someone can give me details on what the password encryption is on it, etc, for the HTC interop unlock, that would be much appreciated.

Other devices: Not a lot of demand for these (and LG needs no jailbreak, since it has MFG), but if something comes up, feel free to share where the provisioning files exist and I'll see about "windowbreaking" them.


So this is my little project, and I hope the details I'm sharing will lead to further development. My personal device (Samsung Focus) is easily interop unlocked now, without costing me a cent. I'd really like this to be the case for everyone; I'm not saying the $9 unlock for Chevron Labs is bad, in fact, it's greatly supported homebrew. What I am saying, though, is that freedom is still possible, and regardless, any developments made here will further support interop unlocking on Chevron/apphub unlocked devices. With that in mind...

Merry Christmas.

Special thanks to: Heathcliff74 for much of the research and idea behind the exploit
All the supporting members of XDA, who bring appreciation for what we do. Thank you.
That guy from Windows Phone Hacker, 2009-2013. Retired June 2013.
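
The containment check an extractor needs in order to reject the `../../../../provxml` entry described in post #1, as an added example (not code from this thread or from ZipView). The extraction id, entry names and function names are constructed for illustration.

```python
import io
import ntpath
import zipfile

# Extraction directory layout from the post; the id is a constructed stand-in
# for ZipView's "<random id>".
BASE = r"\Application Data\Volatile\Zipview\0a1b2c3d"


def resolve(entry_name, base=BASE):
    """Path an extractor would write to if it joins the entry name naively."""
    return ntpath.normpath(ntpath.join(base, entry_name))


def is_contained(entry_name, base=BASE):
    """True only if the resolved path stays at or below the extraction dir."""
    root = ntpath.normcase(ntpath.normpath(base))
    target = ntpath.normcase(resolve(entry_name, base))
    return target == root or target.startswith(root + "\\")


def audit_archive(data, base=BASE):
    """Map each escaping entry name to the path it would resolve to."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {i.filename: resolve(i.filename, base)
                for i in zf.infolist() if not is_contained(i.filename, base)}


def build_sample():
    """Constructed in-memory archive: two benign entries, one traversal entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "benign")
        zf.writestr("docs/../notes.txt", "collapses to a path inside the root")
        zf.writestr("../../../../provxml/sample.provxml", "<placeholder/>")
    return buf.getvalue()


if __name__ == "__main__":
    for name, target in audit_archive(build_sample()).items():
        print(f"REJECT {name!r} -> {target}")
```

The check runs on the resolved path rather than on the raw name, so an entry such as `docs/../notes.txt` is accepted while backslash-separated, absolute and drive-letter names are rejected.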
 
Heathcliff74
#2
Cool! Ridiculous that I didn't think of this myself.

I will send you the password of the dbz files when I get home. I don't have it here.

But the real problem for HTC and NOKIA are the whitelists. I've been working on this for the past time. And today I made more progress. I developed a new way of debugging native 3rd party dll's/drivers. U can isolate functions and call them from a test app for unit-testing. This makes testing a lot easier. This will help me find exploits much faster. I can even call the whitelist functions of HTC and NOKIA on my Samsung now. Working on it right now.

Good find!!

Heathcliff74

www.wp7roottools.com

Developer of "WP7 Root Tools"
Pioneer of "Interop Unlock"
Pioneer in Native Code Development on WP7


Also look at some of my other work:
Collection of all official WP7 updates, language packs and OEM updates
Guide for deploying files to your WP7 device


If you have questions about unlocking, please read this before you start mailing me, because my mailboxes are full

 
Jaxbot
#3
Quote (originally posted by Heathcliff74):
> Cool! Ridiculous that I didn't think of this myself.
>
> I will send you the password of the dbz files when I get home. I don't have it here.
>
> But the real problem for HTC and NOKIA are the whitelists. I've been working on this for the past time. And today I made more progress. I developed a new way of debugging native 3rd party dll's/drivers. U can isolate functions and call them from a test app for unit-testing. This makes testing a lot easier. This will help me find exploits much faster. I can even call the whitelist functions of HTC and NOKIA on my Samsung now. Working on it right now.
>
> Good find!!
>
> Heathcliff74

Haha, I knew you would say that when you saw this. Most credit of this goes to your work, in fact, which gave me much of the idea.

As for the whitelists, do you know exactly how it's blocking? Is just the registry blocked, or all non-APN related settings?
 
voluptuary
#4
^-- This is why I nominated you guys for those free Nokia Lumias. Keep up the good work!
 
Heathcliff74
#5
Quote (originally posted by Jaxbot):
> Haha, I knew you would say that when you saw this. Most credit of this goes to your work, in fact, which gave me much of the idea.
>
> As for the whitelists, do you know exactly how it's blocking? Is just the registry blocked, or all non-APN related settings?

Both brands have very similar mechanisms. They both have a driver dedicated to provisioning. The whitelists are implemented in those drivers. HTC has whitelisted only specific registry keys for APNs and stuff. NOKIA does not have the registry on the whitelist at all.

Heathcliff74

 
Jaxbot
#6
Quote (originally posted by Heathcliff74):
> Both brands have very similar mechanisms. They both have a driver dedicated to provisioning. The whitelists are implemented in those drivers. HTC has whitelisted only specific registry keys for APNs and stuff. NOKIA does not have the registry on the whitelist at all.
>
> Heathcliff74

Shame it's a whitelist instead of a blacklist :\
Do you know which CSPs are allowed? I've managed to move files around using provxml on my Samsung, but it seems to allow just about anything.
 
pLUSpISTOL
#7
Yeah, I want you two to get the free Nokia Lumias too! You both do great work - thank you! Keep giving love to the Omnia 7 too please, since it's my girlfriend who has the Lumia 800 (dammit!)
 
contable
#8
Indeed a very cool solution! Thanks button pressed.

Is it limited to 1st gen Samsung devices or does it work on 2nd gen devices too?
 
Jaxbot
#9
Quote (originally posted by contable):
> Indeed a very cool solution! Thanks button pressed.
>
> Is it limited to 1st gen Samsung devices or does it work on 2nd gen devices too?

Both first and 2nd gen will work, though some interop won't work on 2nd gen devices (e.g., last I heard, registry editors were all read only)
 
MJCS
#10
DBZ Password
030D681B-1DFC-4bd0-A72A-A9B3CCCDA653

Oh and it was found here http://forum.xda-developers.com/show...php?p=18916888
