[GUIDE] Full FileSystem Access over SFTP / CMD over SSH on Windows 10 Mobile

Search This thread
By:
Advanced…
snickler

snickler

Retired Forum Mod / Inactive Recognized Developer
Aug 17, 2010
1,320
1,132
Dub V
www.sinclairinat0r.com
Hi all,

This guide uses the built-in SSH server on the phone that gets activated once you enable Device Discovery to give us TRUE full file system access. MTP doesn't truly give full file system access as there are files and folders that aren't accessible still.

NOTE: The automation of the steps listed in this whole guide has been incorporated into an easy GUI within @gus33000 's app called Interop Tools. Big thanks to him for taking the time to simplify this whole process.



Many thanks to @gus33000 [For the simplification and guinea pig process ] and @black_blob [ For making me try the UMCIAuditMode trick again]!

Manual Steps for SFTP


Tools needed



Steps:

  • If you're using @djamol's Root Tool, use @vcfan's Lumia Registry Editor for this
  • The following keys should be set to the following string values under the Path of System\Currentcontrolset\control\ssh\sirepuser

    Represented in this guide as key: value

    stfp-home-dir : C:\
    default-home-dir : C:\
    sftp-mkdir-rex : .*
    sftp-open-dir-rex : .*
    sftp-read-file-rex : .*
    sftp-remove-file-rex : .*
    sftp-rmdir-rex : .*
    sftp-stat-rex : .*
    sftp-write-file-rex : .*
    auth-method : password
    user-pin : 1234
  • After you've verified that at least one of these keys have been set, exit the app
    [*] Go to the phone settings app and put your Windows 10 Mobile phone in Developer Mode, activate Device Discovery then turn on Pair mode
    [*] Pair to your phone using WConnect, either from usb connect mode ("wconnect usb") or IP (wconnect youripaddress) using the pin on your device
    [*] When this is complete, go to %USERPROFILE%\appdata\local\Microsoft\WConnectSrv. In this directory, you should see a privkey.pem file. Hold on to this
    [*] Open up PuttyGen, click on the Conversions menu and then click Import key. Point to the path that contains the privkey.pem file, then press Okay
    [*] Back in PuttyGen, click on the Save private key button and then save the .ppk file off somewhere that you'll remember.
    [*] Open Pagent, click Add key and point to the .ppk file you generated before. You'll want to make sure this is ALWAYS running.


If using Swish
  • Go to Windows Explorer, dbl-click on the Swish icon under Devices and Drives. Click on Add SFTP Connection at the top
  • Enter in a label that you wish to save the connection present as .
  • Under host your phone's IP as Host.
  • Enter in Sirepuser as the User.
  • Enter / as the Path.
  • Press Create
  • Go back to the Swish folder then click on the connection that you just created (YOU MUST HAVE PAGENT RUNNING FOR THIS TO WORK).
  • When prompted, enter "1234" as the password.


If using WinSCP:
  • Open WinSCP. Underneath of the Password box, click on Advanced.
    • Click on the SFTP menu item and set the Preferred SFTP protocol version to 2
    • Click on the SSH -> Authentication menu item. Click Allow agent forwarding, click on the ellipsis next to Private key file and choose the .ppk file you saved from PuttyGen
  • Press Ok to save the settings
  • Back on the WinSCP main screen, enter in your phone's Wi-Fi IP into host name and for the User name, type in Sirepuser. Press save and then save this session as a "Site" in WinSCP
  • Login. When prompted, enter "1234" as the password.
  • You'll receive an error initially about not being able to browse /C/ and blah blah. You can right-click and click on Goto Folder. /C/Data will be a nice folder to start at since that's where most of the goodies are.

Voila, you should know be able to have full file system access.

Now there are a FEW caveats to this..

  • If you're looking to modify/download any of the important files in the AOW folder, you won't be able to. For SOME REASON, it's returning "No such file or directory" if you try to download/modify some certain files. It will also return this if you try to do the same for the registry hives.
  • If you happen to remove all paired pins on your phone, you must add pin from the phone and use the pin as the password to your SFTP session


I'm tired of my SFTP access cutting out because the WiFi disappears when the screen goes to lock >_<. What do I do?!?!!?

Using the same Lumia Registry Editor from Djamol's Root Tool, Head to the \system\currentcontrolset\services\keepwifionsvc Path and set the following DWORD value

Start => 2

For some reason the service that keeps wifi running even while the screen is under lock is disabled on 10512. This enables it. Reboot and you'll have WiFi working under lock screen on 10512.




Manual Steps for running CMD over SSH (assuming you've done the SFTP steps above) Redstone builds required. 10586.XXX builds will NOT work


Tools Needed:

  • IoT Insider Preview ISO
  • Interop Tools - Download the latest arm package and all packages from the Dependencies directory. Install the dependencies first, THEN install the app.
  • Pageant
  • Putty

Steps:

First, you'll need to download the Windows IoT Core Insider Preview ISO. Mount it and then install the MSI. Next, you'll need to go into Disk Management (diskmgmt.msc) and create a new 4GB VHD by clicking Action-> Create VHD. Set the location to any place you wish for it to be, set the size to 4GB and keep the rest the same. Pay attention to the disk number shown in the Disk Management screen after you create and mount that VHD (They have a blue drive icon to the left of them).

When this is complete, open up an elevated command prompt. Go to C:\Program Files (x86\Microsoft IoT\FFU.
Run the following command:

Code: 
dism.exe /Apply-Image /ImageFile:flash.ffu /ApplyDrive:\\.\PhysicalDriveN /SkipPlatformCheck

Where N is the disk number. At this point, you should start seeing a bunch of volumes created. The MainOS volume is the one we'll care about.
Go to that drive and copy the Windows\System32\cmd.exe and Windows\system32\en-us\cmd.exe.mui to your phone's Document's folder.

Next step is to open up the Interop Tools app, and tap on the Interop Unlock menu item from the hamburger menu. Select the option to restore NDTKSvc, reboot.
When the device comes back up, re-open Interop Tools and this time click on the Registry Editor from the hamburger menu.

Enter the following values, then press Write Data:

Registry Hive : HKEY_LOCAL_MACHINE
Registry Type: String
Registry Key Path: SYSTEM\Controlset001\Control\SSH\Sirepuser
Registry Value Name: default-shell
Registry Value Data: C:\Data\Users\Public\Documents\cmd.exe

Write this key tap on the hamburger menu and go to the Registry Browser. Travel to HKEY_LOCAL_MACHINE -> SYSTEM -> ControlSet001 -> Control -> Ci.

Tap the + button on the application bar and make sure the values are set to the following and then press Write:

Registry Hive: HKEY_LOCAL_MACHINE
Registry Type: Integer
Registry Key Path: SYSTEM\ControlSet001\Control\CI
Registry Value Name: UMCIAuditMode
Registry Value Data: 1

This actually enables the execution of unsigned executables. This is how we end up making CMD and the other programs work ^_^.

Reboot your phone. Wait a good 3-5 minutes before you try doing anything because your phone will be acting very unstable (Some apps crashing, and others working).
While you have pageant open and the private key added, open up a putty SSH session to your phone using the username of Sirepuser. You should be delighted at this point (If you did everything correctly) to see a Command Prompt. You should be getting random resource string errors when you try typing DIR, etc and this is due to the fact that we don't have the mui string in the correct place. Let's fix that.

ONE BIG THING TO NOTE: running CMD in SSH is very sensitive to keystrokes. If you are typing a command and press backspace even once, then the command won't send at all. It will state that it doesn't recognize what you're doing, so be sure to type these things in FLAWLESSLY (yeah it's annoying)


What we want to do now is then copy the cmd.exe to C:\Windows\System32 and the cmd.exe.mui to C:\Windows\System32\en-US. Run the following commands:

copy c:\Data\Users\Public\cmd.exe c:\Windows\System32
copy c:\Data\Users\Public\cmd.exe.mui c:\Windows\System32\en-US

Back on your phone, go back to Interop Tools and click on the Registry Editor. Follow the same exact steps as you did for changing the default-shell key, but make one change:

Registry Value Data: C:\Windows\system32\cmd.exe

At this point, restart your putty session and then you'll be good to go with CMD running over SSH as SYSTEM!

Extra:

There was a reason I said to copy off the system32 folder somewhere... If you follow the same process to get the files to your Documents folder and move them over to system32, you can have quite a bit of exes to run from the command line. The easiest thing to do is to use xcopy to get everything there.

Extra #2:
You can run .NET Console apps in CMD if they are named the following 3 names: TailoredDeploy.exe, WConnectAgent.exe or WConnectAgentLauncher.exe.

Make a directory on your SD Card named "test" or put it in the test directory on your phone's C: drive and it should go. Beware that the runtime is weird on the phone and not ALL things are possible to do with a .NET Console app

PLEASE... For the love of god DO NOT add DefApps to the Administrators group if you don't want all of your apps to stop working



Have fun ^_^

Also...

USE THIS AT YOUR OWN RISK! I AM NOT RESPONSIBLE IF YOU BLOW UP YOUR PHONE ON PURPOSE OR BY ACCIDENT :)
 
Last edited:
  • Like
Reactions: aliimanypoor, maruf8, billybatson and 29 others
M

mlleemiles

Senior Member
Jul 13, 2015
121
22
Hi, snickler! Can I have your permission to repost your tut? It's great and I wanna share with everyone since everyone's really hoping for a full fs access. Of course, i will link your post and add you and the others to the disclaimer.
 
Z

zetvn

Member
Aug 15, 2015
49
6
Redmi K20 / Xiaomi Mi 9T
Redmi K20 Pro
I've tried, but failed
11899948_1686515858235049_1684895382473299786_n.jpg
 
snickler

snickler

Retired Forum Mod / Inactive Recognized Developer
Aug 17, 2010
1,320
1,132
Dub V
www.sinclairinat0r.com
@zetvn, did you follow ALL steps? Make sure Device Discovery is on and that your phone's WiFi is on. That message basically means you have a timeout. Also check your IP address and see if it is the correct WiFi address
 
ADeltaX

ADeltaX

Senior Member
Feb 16, 2015
130
89
Somewhere
www.adeltax.com
snickler said:
:D. Have you gotten any closer to rooting AOW @ADeltaX?
Click to expand...
Click to collapse

70% yes.
Adb shell is now as root user.
SU binary works fine.
Busybox too.
Superuser app seems to work too.
BUT
Apps can't reference from superuser app because of limit of project astoria caused by some modified libs. (stderr stdout = null)
SU binary refernce from libc.so and it's also modified....
 
  • Like
Reactions: snickler
snickler

snickler

Retired Forum Mod / Inactive Recognized Developer
Aug 17, 2010
1,320
1,132
Dub V
www.sinclairinat0r.com
ADeltaX said:
70% yes.
Adb shell is now as root user.
SU binary works fine.
Busybox too.
Superuser app seems to work too.
BUT
Apps can't reference from superuser app because of limit of project astoria caused by some modified libs. (stderr stdout = null)
SU binary refernce from libc.so and it's also modified....
Click to expand...
Click to collapse

Brilliant! Is it on your thread yet? If so, point me to it :p
 
snickler

snickler

Retired Forum Mod / Inactive Recognized Developer
Aug 17, 2010
1,320
1,132
Dub V
www.sinclairinat0r.com
ADeltaX said:
Not yet, I need to upload these files and create a new thread.
I have a very slow connection, so probably will be ready within 2-4 hours :\

I'll mention you if i'll open the thread/the file is ready. :)
Click to expand...
Click to collapse

Awesome! Yeah, definitely make a new thread for this. BTW, I updated my OP to include a reg key change to enable WiFi under lock screen. It may not be useful for everyone connecting via USB, but for those on IP it will be VERY helpful
 
  • Like
Reactions: ADeltaX
A

AteBitDesigns

New member
Aug 26, 2015
2
0
Lost...

Hey there i am following the instructions as written, went to install the vcREG bootstrap and the instructions they give is to apply it to the reinstalled Extras+Info app on the SD card. well when i try to download it it says the app is no longer available? is there a work around?
 
snickler

snickler

Retired Forum Mod / Inactive Recognized Developer
Aug 17, 2010
1,320
1,132
Dub V
www.sinclairinat0r.com
AteBitDesigns said:
Hey there i am following the instructions as written, went to install the vcREG bootstrap and the instructions they give is to apply it to the reinstalled Extras+Info app on the SD card. well when i try to download it it says the app is no longer available? is there a work around?
Click to expand...
Click to collapse

You didn't follow instructions. It states to use Djamol's root tool and use the Lumia Registry Editor within it that is vcReg's.
 
  • Like
Reactions: Leo_zodiac
You must log in or register to reply here.

Similar threads

XDRdaniel
  • Locked
[Fix added] [HOW TO] [UPDATED] Install Android apps on Windows 10 Mobile
Replies
897
Views
645K
the_scotsman
the_scotsman
djamol
[JAILBREAK][GUIDE] Interop Unlock for Windows 10 Mobile + All Capabilities
Replies
474
Views
432K
7
7652782894
hikari_calyx
[GUIDE] Win10 Mobile (Semi-)Offline Update Project 10586.107 [UPDATED V5.3 beta6]
Replies
640
Views
471K
Grand Neo GT-I9060
Grand Neo GT-I9060
dxdy
  • Locked
Interop Tools Appx for Windows 10 Mobile - registry editor
Replies
171
Views
382K
snickler
snickler
R
HOWTO: Install Windows 10 for Phones on Non-supported devices (and other hacks)
Replies
487
Views
530K
D
dAV84

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 32
    snickler
    snickler
    Hi all,

    This guide uses the built-in SSH server on the phone that gets activated once you enable Device Discovery to give us TRUE full file system access. MTP doesn't truly give full file system access as there are files and folders that aren't accessible still.

    NOTE: The automation of the steps listed in this whole guide has been incorporated into an easy GUI within @gus33000 's app called Interop Tools. Big thanks to him for taking the time to simplify this whole process.



    Many thanks to @gus33000 [For the simplification and guinea pig process ] and @black_blob [ For making me try the UMCIAuditMode trick again]!

    Manual Steps for SFTP


    Tools needed



    Steps:

    • If you're using @djamol's Root Tool, use @vcfan's Lumia Registry Editor for this
    • The following keys should be set to the following string values under the Path of System\Currentcontrolset\control\ssh\sirepuser

      Represented in this guide as key: value

      stfp-home-dir : C:\
      default-home-dir : C:\
      sftp-mkdir-rex : .*
      sftp-open-dir-rex : .*
      sftp-read-file-rex : .*
      sftp-remove-file-rex : .*
      sftp-rmdir-rex : .*
      sftp-stat-rex : .*
      sftp-write-file-rex : .*
      auth-method : password
      user-pin : 1234
    • After you've verified that at least one of these keys have been set, exit the app
      [*] Go to the phone settings app and put your Windows 10 Mobile phone in Developer Mode, activate Device Discovery then turn on Pair mode
      [*] Pair to your phone using WConnect, either from usb connect mode ("wconnect usb") or IP (wconnect youripaddress) using the pin on your device
      [*] When this is complete, go to %USERPROFILE%\appdata\local\Microsoft\WConnectSrv. In this directory, you should see a privkey.pem file. Hold on to this
      [*] Open up PuttyGen, click on the Conversions menu and then click Import key. Point to the path that contains the privkey.pem file, then press Okay
      [*] Back in PuttyGen, click on the Save private key button and then save the .ppk file off somewhere that you'll remember.
      [*] Open Pagent, click Add key and point to the .ppk file you generated before. You'll want to make sure this is ALWAYS running.


    If using Swish
    • Go to Windows Explorer, dbl-click on the Swish icon under Devices and Drives. Click on Add SFTP Connection at the top
    • Enter in a label that you wish to save the connection present as .
    • Under host your phone's IP as Host.
    • Enter in Sirepuser as the User.
    • Enter / as the Path.
    • Press Create
    • Go back to the Swish folder then click on the connection that you just created (YOU MUST HAVE PAGENT RUNNING FOR THIS TO WORK).
    • When prompted, enter "1234" as the password.


    If using WinSCP:
    • Open WinSCP. Underneath of the Password box, click on Advanced.
      • Click on the SFTP menu item and set the Preferred SFTP protocol version to 2
      • Click on the SSH -> Authentication menu item. Click Allow agent forwarding, click on the ellipsis next to Private key file and choose the .ppk file you saved from PuttyGen
    • Press Ok to save the settings
    • Back on the WinSCP main screen, enter in your phone's Wi-Fi IP into host name and for the User name, type in Sirepuser. Press save and then save this session as a "Site" in WinSCP
    • Login. When prompted, enter "1234" as the password.
    • You'll receive an error initially about not being able to browse /C/ and blah blah. You can right-click and click on Goto Folder. /C/Data will be a nice folder to start at since that's where most of the goodies are.

    Voila, you should know be able to have full file system access.

    Now there are a FEW caveats to this..

    • If you're looking to modify/download any of the important files in the AOW folder, you won't be able to. For SOME REASON, it's returning "No such file or directory" if you try to download/modify some certain files. It will also return this if you try to do the same for the registry hives.
    • If you happen to remove all paired pins on your phone, you must add pin from the phone and use the pin as the password to your SFTP session


    I'm tired of my SFTP access cutting out because the WiFi disappears when the screen goes to lock >_<. What do I do?!?!!?

    Using the same Lumia Registry Editor from Djamol's Root Tool, Head to the \system\currentcontrolset\services\keepwifionsvc Path and set the following DWORD value

    Start => 2

    For some reason the service that keeps wifi running even while the screen is under lock is disabled on 10512. This enables it. Reboot and you'll have WiFi working under lock screen on 10512.




    Manual Steps for running CMD over SSH (assuming you've done the SFTP steps above) Redstone builds required. 10586.XXX builds will NOT work


    Tools Needed:

    • IoT Insider Preview ISO
    • Interop Tools - Download the latest arm package and all packages from the Dependencies directory. Install the dependencies first, THEN install the app.
    • Pageant
    • Putty

    Steps:

    First, you'll need to download the Windows IoT Core Insider Preview ISO. Mount it and then install the MSI. Next, you'll need to go into Disk Management (diskmgmt.msc) and create a new 4GB VHD by clicking Action-> Create VHD. Set the location to any place you wish for it to be, set the size to 4GB and keep the rest the same. Pay attention to the disk number shown in the Disk Management screen after you create and mount that VHD (They have a blue drive icon to the left of them).

    When this is complete, open up an elevated command prompt. Go to C:\Program Files (x86\Microsoft IoT\FFU.
    Run the following command:

    Code: 
    dism.exe /Apply-Image /ImageFile:flash.ffu /ApplyDrive:\\.\PhysicalDriveN /SkipPlatformCheck

    Where N is the disk number. At this point, you should start seeing a bunch of volumes created. The MainOS volume is the one we'll care about.
    Go to that drive and copy the Windows\System32\cmd.exe and Windows\system32\en-us\cmd.exe.mui to your phone's Document's folder.

    Next step is to open up the Interop Tools app, and tap on the Interop Unlock menu item from the hamburger menu. Select the option to restore NDTKSvc, reboot.
    When the device comes back up, re-open Interop Tools and this time click on the Registry Editor from the hamburger menu.

    Enter the following values, then press Write Data:

    Registry Hive : HKEY_LOCAL_MACHINE
    Registry Type: String
    Registry Key Path: SYSTEM\Controlset001\Control\SSH\Sirepuser
    Registry Value Name: default-shell
    Registry Value Data: C:\Data\Users\Public\Documents\cmd.exe

    Write this key tap on the hamburger menu and go to the Registry Browser. Travel to HKEY_LOCAL_MACHINE -> SYSTEM -> ControlSet001 -> Control -> Ci.

    Tap the + button on the application bar and make sure the values are set to the following and then press Write:

    Registry Hive: HKEY_LOCAL_MACHINE
    Registry Type: Integer
    Registry Key Path: SYSTEM\ControlSet001\Control\CI
    Registry Value Name: UMCIAuditMode
    Registry Value Data: 1

    This actually enables the execution of unsigned executables. This is how we end up making CMD and the other programs work ^_^.

    Reboot your phone. Wait a good 3-5 minutes before you try doing anything because your phone will be acting very unstable (Some apps crashing, and others working).
    While you have pageant open and the private key added, open up a putty SSH session to your phone using the username of Sirepuser. You should be delighted at this point (If you did everything correctly) to see a Command Prompt. You should be getting random resource string errors when you try typing DIR, etc and this is due to the fact that we don't have the mui string in the correct place. Let's fix that.

    ONE BIG THING TO NOTE: running CMD in SSH is very sensitive to keystrokes. If you are typing a command and press backspace even once, then the command won't send at all. It will state that it doesn't recognize what you're doing, so be sure to type these things in FLAWLESSLY (yeah it's annoying)


    What we want to do now is then copy the cmd.exe to C:\Windows\System32 and the cmd.exe.mui to C:\Windows\System32\en-US. Run the following commands:

    copy c:\Data\Users\Public\cmd.exe c:\Windows\System32
    copy c:\Data\Users\Public\cmd.exe.mui c:\Windows\System32\en-US

    Back on your phone, go back to Interop Tools and click on the Registry Editor. Follow the same exact steps as you did for changing the default-shell key, but make one change:

    Registry Value Data: C:\Windows\system32\cmd.exe

    At this point, restart your putty session and then you'll be good to go with CMD running over SSH as SYSTEM!

    Extra:

    There was a reason I said to copy off the system32 folder somewhere... If you follow the same process to get the files to your Documents folder and move them over to system32, you can have quite a bit of exes to run from the command line. The easiest thing to do is to use xcopy to get everything there.

    Extra #2:
    You can run .NET Console apps in CMD if they are named the following 3 names: TailoredDeploy.exe, WConnectAgent.exe or WConnectAgentLauncher.exe.

    Make a directory on your SD Card named "test" or put it in the test directory on your phone's C: drive and it should go. Beware that the runtime is weird on the phone and not ALL things are possible to do with a .NET Console app

    PLEASE... For the love of god DO NOT add DefApps to the Administrators group if you don't want all of your apps to stop working



    Have fun ^_^

    Also...

    USE THIS AT YOUR OWN RISK! I AM NOT RESPONSIBLE IF YOU BLOW UP YOUR PHONE ON PURPOSE OR BY ACCIDENT :)
    View
    6
    G
    GoodDayToDie
    Great guide, @snickler!

    A few things I've found useful:
    1. Don't use the "Sirepuser" SSH/SFTP user for shell and file system access; it breaks deploying stuff to the phone (until you restore its default configuration). Instead, create a new user, give it the same username as your PC username, and set that one up (this is easy to do using the Interop Tools app). That lets you remote in to run arbitrary stuff, without screwing up your phone. It also means you don't have to supply a username anymore (at least for command-line tools); the client will use your username by default.
    2. If you want to add a bunch of programs but don't want to worry about putting them in the MainOS partition (which is limited size and doesn't get cleared on hard reset), consider
      Code: 
      C:\Data\Test\Bin
      (or U:\Test\Bin, same thing), which is in the Data partition but also included in PATH by default.
    3. Two programs to make sure you have in your phone's PATH (or otherwise easily reached) are TLIST.EXE (task list, similar to the usual "tasklist.exe" on Windows except inexplicably superior; for example, it supports giving a tree output showing process ancestry) and KILL.EXE (again, much like "taskkill.exe" on Windows except better). These are included in the Win10IoT System32 directory.
    4. While SSH/SFTP have the huge advantage of security, the server on the phone kiiinda sucks. For much better performance, reliability, and compatibility, use TELNETD and FTPD, attached to this post. Copy the files to the phone, preferably somewhere easy like U:\Test\Bin. To start them, SSH to the phone, then run the commands
      Code: 
      start TELNETD cmd.exe
      Code: 
      start FTPD
      Note that this will leave them running at all times; use tlist.exe and kill.exe to shut them down when finished or you give anybody on the same WiFi as you total control of your phone! You can use the telnet client built into Windows (you'll need to enable it from OptionalFeatures.exe), or use the one that comes with the Linux subsystem for Windows (bash.exe), or use a third-party one like PuTTY. For FTP, you *can* just use command line or browser-based (or third-party) FTP, but the best option is just to use the built-in support in Explorer; just navigate to "ftp://<YOUR_PHONE_IP>" and you'll see the root of the phone's filesystem. Advantages:
      • Both FTP and Telnet are really fast. SSH/SFTP is good, these are better.
      • No need for third-party clients, setting protocol levels, etc.
      • FTPD doesn't choke on large files the way the phone's SFTP server does, at least for me.
      • TELNETD supports things like "backspace" and "arrow keys" and other highly-advanced concepts. Tab completion works!
      The obvious downside: there is no user authentication, no server authentication, no encryption, and no integrity checks. In other words, it is completely insecure. DO NOT USE THIS ON A SHARED WIFI NETWORK!
    5. For Powershell, use TELNETD. Either run powershell after connecting to telnet, or just launch TELNETD pointing at powershell.exe. If you want to run multiple instances of TELNETD, you have to put them on different ports; add a second parameter with the port number.
      Code: 
      start telentd C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 2323
      Tell your telnet client to connect on that port ("telnet <PHONE_IP> 2323"). For me, everything I've tried so far is working. No doubled input, I can see all the output, I can run programs, error messages are colored red, etc.
    View
    3
    sensboston
    sensboston
    djtonka said:
    Does anyone could export registry System\Currentcontrolset\control\ssh\sirepuser?
    On my 550 there is no keys at all.
    Click to expand...
    Click to collapse

    Use reg.exe (from IoT RPI), run via ssh session. Here are all commadls for this tool. In your case it should look like:
    Code: 
    [B]reg.exe export HKLM\System\CurrentControlSet\Control\SSH\Sirepuser C:\Data\Users\Public\Documents\sirepuser.reg[/B]

    P.S. BTW, I've grabbed that file for you from my L-950; it was quicker than type this post-scriptum :D
    View
    3
    W
    winphouser
    [Tweaks.xml] Enable Full FS over SFTP

    Code: 
      <contributor>snickler @ xda-developers</contributor>

  <tweak category="System" name="Enable Full FS over SFTP" type="toggle">
    <entry path="HKLM\System\Currentcontrolset\control\ssh\sirepuser" name="sftp-home-dir" type="string" default="%FOLDERID_SharedData%\PhoneTools\">
      <value>C:\</value>
    </entry>
    <entry path="HKLM\System\Currentcontrolset\control\ssh\sirepuser" name="default-home-dir" type="string" default="%FOLDERID_SharedData%\PhoneTools\">
      <value>C:\</value>
    </entry>
    <entry path="HKLM\System\Currentcontrolset\control\ssh\sirepuser" name="sftp-mkdir-rex" type="string" default="%FOLDERID_SharedData%\\PhoneTools\\.*">
      <value>.*</value>
    </entry>
    <entry path="HKLM\System\Currentcontrolset\control\ssh\sirepuser" name="sftp-open-dir-rex" type="string" default="%FOLDERID_SharedData%\\PhoneTools(\\.*)*">
      <value>.*</value>
    </entry>
    <entry path="HKLM\System\Currentcontrolset\control\ssh\sirepuser" name="sftp-read-file-rex" type="string" default="%FOLDERID_SharedData%\\PhoneTools\\.*">
      <value>.*</value>
    </entry>
    <entry path="HKLM\System\Currentcontrolset\control\ssh\sirepuser" name="sftp-remove-file-rex" type="string" default="%FOLDERID_SharedData%\\PhoneTools\\.*">
      <value>.*</value>
    </entry>
    <entry path="HKLM\System\Currentcontrolset\control\ssh\sirepuser" name="sftp-rmdir-rex" type="string" default="%FOLDERID_SharedData%\\PhoneTools\\.*">
      <value>.*</value>
    </entry>
    <entry path="HKLM\System\Currentcontrolset\control\ssh\sirepuser" name="sftp-stat-rex" type="string" default="%FOLDERID_SharedData%\\PhoneTools\\.*">
      <value>.*</value>
    </entry>
    <entry path="HKLM\System\Currentcontrolset\control\ssh\sirepuser" name="sftp-write-file-rex" type="string" default="%FOLDERID_SharedData%\\PhoneTools\\.*">
      <value>.*</value>
    </entry>
  </tweak>

    Ping @sensboston @kwanice @vcfan @Pasquiindustry
    View
    3
    V
    vcfan
    i may have found a way to get all privileges. i have code running now with mostly everything including SeTcbPrivilege
    View

New posts