Microsoft offering free unlocks, 2 app sideload limit

W

WithinRafael

Senior Member
Mar 17, 2010
147
48
0
Bellevue, WA
www.withinwindows.com
Aug 6, 2013 at 8:58 PM
Microsoft just announced today that Windows Phone developers can now unlock their devices for free, with a 2-app sideload limit. Those needing higher limits can grab an account for cheap during the summer ($19 USD).

Just use your Microsoft account with the Windows Phone Developer Registration tool and you should be off and running.

Beginning today we are simplifying the developer phone registration process. Now, any developer can unlock and register 1 phone to load up to 2 apps. Registered developers with Dev Center accounts continue to have the option to unlock up to 3 phones and upload up to 10 apps on each.
Click to expand...
 
  • Like
Reactions: spamam1, mikaelel, Budniu and 6 others
thals1992

thals1992

Senior Member
Sep 26, 2012
680
237
73
Cincinnati, OH
www.uidnation.com
Aug 6, 2013 at 9:37 PM
WithinRafael said:
Microsoft just announced today that Windows Phone developers can now unlock their devices for free, with a 2-app sideload limit. Those needing higher limits can grab an account for cheap during the summer ($19 USD).

Just use your Microsoft account with the Windows Phone Developer Registration tool and you should be off and running.
Click to expand...
Thats awesome news! That gets rid of the need for Chevron mods for all those WP7 people and that makes it easy to test WP8 apps.
 
IzaacJ

IzaacJ

Inactive Recognized Developer
Sep 2, 2008
688
91
0
31
Eskilstuna
izaacj.github.io
Aug 7, 2013 at 2:05 PM
This whole thing got me thinking, there might be someway to "abuse" the XAP installer that processes the XAP, since the XAP is downloaded straight from the browser.
Hopefully there's some vulnerabilities in the installer.
 
G

GoodDayToDie

Inactive Recognized Developer
Jan 20, 2011
6,066
2,930
0
Seattle
Aug 7, 2013 at 6:43 PM
Not sure what you mean by "the XAP is downloaded straight from the browser" - Store apps are downloaded over HTTP (HTTPS actually, with cert pinning to boot) but the only apps I've seen actually install if they were downloaded from a web browser (or via email attachment, or sent using Bluetooth) are company / LOB apps, not store apps or unsigned (homebrew/development) apps.

That said, the XAPs do get processed by the installer (and rejected) anyhow. It's possible there's a vulnerability in that check process; is that what you're thinking of? If so, I don't believe it has anything to do with the news in this thread in particular (although it *might* help to have dev-unlock enabled) but it's a worthwhile path of exploration anyhow. The XAP installer is one of the relatively few parts of the system that has fairly high permissions but is easily attackable. Of course, that means MS will have reviewed and fuzz tested the hell out of it, but we can hope...
 
  • Like
Reactions: pdaimatejam
IzaacJ

IzaacJ

Inactive Recognized Developer
Sep 2, 2008
688
91
0
31
Eskilstuna
izaacj.github.io
Aug 7, 2013 at 9:19 PM
GoodDayToDie said:
Not sure what you mean by "the XAP is downloaded straight from the browser" - Store apps are downloaded over HTTP (HTTPS actually, with cert pinning to boot) but the only apps I've seen actually install if they were downloaded from a web browser (or via email attachment, or sent using Bluetooth) are company / LOB apps, not store apps or unsigned (homebrew/development) apps.

That said, the XAPs do get processed by the installer (and rejected) anyhow. It's possible there's a vulnerability in that check process; is that what you're thinking of? If so, I don't believe it has anything to do with the news in this thread in particular (although it *might* help to have dev-unlock enabled) but it's a worthwhile path of exploration anyhow. The XAP installer is one of the relatively few parts of the system that has fairly high permissions but is easily attackable. Of course, that means MS will have reviewed and fuzz tested the hell out of it, but we can hope...
Click to expand...
The XAP's developed in App Studio are downloaded in the browser on the phone, not from the store, which could prove to be a vulnerability, but there might be cert pinning since App Studio apps require you to install a certificate first. Hopefully someone with more knowledge, like you, could look at it. Just prep a simple app in App Studio and go through the process and see what you'll be able to find.
Maybe Fiddler might help to determinate if any cert pinning is done?
 
G

GoodDayToDie

Inactive Recognized Developer
Jan 20, 2011
6,066
2,930
0
Seattle
Aug 7, 2013 at 11:07 PM
Ah sorry, I wasn't looking at App Studio. I will investigate... but unless they're giving us access to the signing key, or raw access to the XAP, it probably won't work for anything *too* exciting. Still, if it's a way to install signed apps that we write ourselves (to any meaningful degree), there's hope...
 
  • Like
Reactions: farafr and pdaimatejam
IzaacJ

IzaacJ

Inactive Recognized Developer
Sep 2, 2008
688
91
0
31
Eskilstuna
izaacj.github.io
Aug 8, 2013 at 7:06 PM
GoodDayToDie said:
Ah sorry, I wasn't looking at App Studio. I will investigate... but unless they're giving us access to the signing key, or raw access to the XAP, it probably won't work for anything *too* exciting. Still, if it's a way to install signed apps that we write ourselves (to any meaningful degree), there's hope...
Click to expand...
If I've understood it correctly, there is possibility to do changes to the XAP.
Note this tool is browser driven - no Windows 8 machine required - if you're not going to modify the source code that is. There are plans on the way for more goodies, so keep posted.
Click to expand...
- Source
 
G

GoodDayToDie

Inactive Recognized Developer
Jan 20, 2011
6,066
2,930
0
Seattle
Aug 8, 2013 at 10:34 PM
Cool. Looks like I need to send a request to get into the beta. I should do that... see what I get back. If the XAPs aren't signed, they probably won't be useful for breaking anything but the interaction with the browser might be interesting. If they are signed...
 
IzaacJ

IzaacJ

Inactive Recognized Developer
Sep 2, 2008
688
91
0
31
Eskilstuna
izaacj.github.io
Aug 8, 2013 at 11:13 PM
GoodDayToDie said:
Cool. Looks like I need to send a request to get into the beta. I should do that... see what I get back. If the XAPs aren't signed, they probably won't be useful for breaking anything but the interaction with the browser might be interesting. If they are signed...
Click to expand...
I didn't have to sign up for the beta, think I could use it right away since I'm a registered dev. Just signed in with my dev account and tried it out right away.
 
thals1992

thals1992

Senior Member
Sep 26, 2012
680
237
73
Cincinnati, OH
www.uidnation.com
Aug 9, 2013 at 3:49 AM
How the Windows Phone App Studio deploys

thals1992 said:
Awwman! I sent the request more than 24 hours ago and I still haven't received any emails. Also I'm a registered dreamspark dev, but that expired March.
Click to expand...
Finally got mine a few hours ago. Haven't got very deep in it yet, but the templates are convenient.

---------- Post added at 10:49 PM ---------- Previous post was at 10:35 PM ----------
IzaacJ said:
The XAP's developed in App Studio are downloaded in the browser on the phone, not from the store, which could prove to be a vulnerability, but there might be cert pinning since App Studio apps require you to install a certificate first. Hopefully someone with more knowledge, like you, could look at it. Just prep a simple app in App Studio and go through the process and see what you'll be able to find.
Maybe Fiddler might help to determinate if any cert pinning is done?
Click to expand...
Here's the output of an almost empty app.


First things first

Remember you have to install the Certificate we sent you via Email.
Click to expand...
links to dowappdiagnostics.blob.com/aet/AET.aetx
Code: 
<wap-provisioningdoc>
  <characteristic type="EnterpriseAppManagement">
    <characteristic type="5342258">
      <parm datatype="string" name="EnrollmentToken" value="PEFFVD48RW50ZXJwcmlzZUlkIFZhbHVlPSI1MzQyMjU4IiAvPjxTaWduYXR1cmUgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPjxTaWduZWRJbmZvPjxDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMjAwMS9SRUMteG1sLWMxNG4tMjAwMTAzMTUiIC8+PFNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlI3JzYS1zaGEyNTYiIC8+PFJlZmVyZW5jZSBVUkk9IiI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIiAvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2IiAvPjxEaWdlc3RWYWx1ZT5qbVBocDJSTjAydEoxWkJILzVyS0kzVk9tWjNDTmVHOG02bVVIbCtNNkNvPTwvRGlnZXN0VmFsdWU+PC9SZWZlcmVuY2U+PC9TaWduZWRJbmZvPjxTaWduYXR1cmVWYWx1ZT5OcXlEQ3Qvb0RUb3JIOFBrYlJHNDZNRFpVcTNreWhod1ZEQW5ocUtoYTYxSzhhcEk3SzNkNEJTcmQ1SXFaQVdraEMvRTFmNThRWWF4QWhRaEtPajRhdUxNNG5RaHowNis2OU96em84Q1RYMERjYUxJNHJWWXh4VGdvdXRWSzBnVkc1bVU4c0trZjQ3VmhGSnd4ZndPRHNwdGp1cmZyODNUVFN6OEJjZDlydW9ORGpZV25QWU9wTU9rRnZuNEFVb3hBdzE5M3BjYWsrZmV5c29udEN0cUw2OUNVRUEwTXhTczBXdGVxVkdLVWphd3JPSlJ5SVE3UkFLV1hxZnl3RDVQUS91M0h0REZBRDBGVXgxRDlkZ2VYWlQyZzZIZUxxZkVmdkxCcXY0cHA2ZjZFVXJ4RDVFNkNIV1lXWE9FZnVSbmZVaUFNS2dwZnIrMTBHMUJRZlphQUE9PTwvU2lnbmF0dXJlVmFsdWU+PEtleUluZm8+PFg1MDlEYXRhPjxYNTA5U3ViamVjdE5hbWU+Q0E8L1g1MDlTdWJqZWN0TmFtZT48WDUwOUNlcnRpZmljYXRlPk1JSUVTRENDQXpDZ0F3SUJBZ0lRTWYyNzRvTTRBRDkvS09ZV1lCWDB6akFOQmdrcWhraUc5dzBCQVFzRkFEQmtNUXN3Q1FZRFZRUUdFd0pWVXpFZE1Cc0dBMVVFQ2hNVVUzbHRZVzUwWldNZ1EyOXljRzl5WVhScGIyNHhOakEwQmdOVkJBTVRMVk41YldGdWRHVmpJRVZ1ZEdWeWNISnBjMlVnVFc5aWFXeGxJRkp2YjNRZ1ptOXlJRTFwWTNKdmMyOW1kREFlRncweE1qQXpNVFV3TURBd01EQmFGdzB5TnpBek1UUXlNelU1TlRsYU1JR1NNUXN3Q1FZRFZRUUdFd0pWVXpFZE1Cc0dBMVVFQ2hNVVUzbHRZVzUwWldNZ1EyOXljRzl5WVhScGIyNHhMakFzQmdOVkJBc1RKVmRwYm1SdmQzTWdVR2h2Ym1VZ1JXNTBaWEp3Y21selpTQkJjSEJzYVdOaGRHbHZibk14TkRBeUJnTlZCQU1USzFONWJXRnVkR1ZqSUVWdWRHVnljSEpwYzJVZ1RXOWlhV3hsSUVOQklHWnZjaUJOYVdOeWIzTnZablF3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ3lhVWxNM1VLUW1QNnF5RzdwM0g1bjh0MXpnb3BhUUMrMTVlQlhDaUdXZVJQelIzNFlWeHpvODBSWVlpMHJmMEt0TzlmazVlbTk3ZUw0Y3pRT2hVUE1xK3d0OXQwTEREZjBCcFM3OVlXK0N2SFZwazNCaHlEZTZMai9MaUJSSWY2RWMrRUdjMXNhLy84NVE1eUlxT1RkMU5RQWJBY1oxeDlHOTI1a2RYS24zajZUNTdqNWErNXlQQng5elo0SnNCdm0rc0F6SnI0Mzd5Y2hrK2pwd3BONUJMTFdGMkdLbkVGWGxjSllQYmVvSXlJZkZxa3cxYUpQVGd1cmswWEpnVklXWmozVE1IdHcrcms0dEgxMGIwTmVscFJaRndhLzQ4c1ZmTHE1b1BIS2ZpNFNrUjZmcjRiQWZqQ2R1Z0pyOGJ5NHlpL3dxWUVGMm4zVDJiKzJwZGtsQWdNQkFBR2pnY1l3Z2NNd0VnWURWUjBUQVFIL0JBZ3dCZ0VCL3dJQkFEQkZCZ05WSFI4RVBqQThNRHFnT0tBMmhqUm9kSFJ3T2k4dlkzSnNMbWRsYjNSeWRYTjBMbU52YlM5amNteHpMMjF6Wm5SbGJuUnRiMkpwYkdWeWIyOTBZMkV1WTNKc01CWUdBMVVkSlFRUE1BMEdDMkNHU0FHRytFVUJDRFFCTUE0R0ExVWREd0VCL3dRRUF3SUJCakFkQmdOVkhRNEVGZ1FVWENwa0cxa1NEdXB3Z0NFVU9GS3RDTW5wbG9Bd0h3WURWUjBqQkJnd0ZvQVVUZXpmSmdiY0pCREF0cG4wMXpuSGJ4bjRKaWd3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCQUR4V0dkVTB5dHpOd2ZZbEhmMy8rTDNoYkJNZG1XTnNnNktBS2pDQnY4a2d2SDk3b0xXZTE1c01mSG1RNGo5ZVErMDJpdVpFV1FRU0ZZV0xTd0gxTm5WbHpIK1MzMDV4bFFlTVFEVWxVMWxoZGpOeUpXYlFlR0J0OFZZa09JQ005L1pUdm5yMm1YdVpsVHR4eHE4V2U4WTUyK2VaK0Y1R2QrSjBIYmZkYmF3YVhVYXF4L1FnQ3d6TTM4cW9pQld4d2JQZXRXbk83OHhjMmdlYjdSMzBia3hTUXJMTTRFVGNTanhIb3AwaC9JQVdVZUhIcHh3Y29tWkt5NzV1UEllLzJlTnZtcFZLb0dEb0pJOHB6YlNOaDZDMUxLMUZ5ZDNrYXhiQVZKcGVLcFVJSk9Ka0RubzM0bG9hOStZa1BRc1ZIRjI2TVVLQ1BRMHYxdTdqNGY1V3c0cz08L1g1MDlDZXJ0aWZpY2F0ZT48L1g1MDlEYXRhPjxYNTA5RGF0YT48WDUwOUNlcnRpZmljYXRlPk1JSUVMekNDQXhlZ0F3SUJBZ0lDQWFFd0RRWUpLb1pJaHZjTkFRRUxCUUF3Z1pJeEN6QUpCZ05WQkFZVEFsVlRNUjB3R3dZRFZRUUtFeFJUZVcxaGJuUmxZeUJEYjNKd2IzSmhkR2x2YmpFdU1Dd0dBMVVFQ3hNbFYybHVaRzkzY3lCUWFHOXVaU0JGYm5SbGNuQnlhWE5sSUVGd2NHeHBZMkYwYVc5dWN6RTBNRElHQTFVRUF4TXJVM2x0WVc1MFpXTWdSVzUwWlhKd2NtbHpaU0JOYjJKcGJHVWdRMEVnWm05eUlFMXBZM0p2YzI5bWREQWVGdzB4TXpBMk1EZ3hOalE1TXpoYUZ3MHhOREEyTVRJd09URTNOVGRhTUZreEhqQWNCZ05WQkFzVEZVMXBZM0p2YzI5bWRDQkRiM0p3YjNKaGRHbHZiakVlTUJ3R0ExVUVBeE1WVFdsamNtOXpiMlowSUVOdmNuQnZjbUYwYVc5dU1SY3dGUVlLQ1pJbWlaUHlMR1FCQVJNSE5UTTBNakkxT0RDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTVJ3RG1kQzBkM1lGUXNON2FVZnd3WHA1T2RINGYrYlVmWlJMZHlrS2tUS3MyZVFGTHRRL3pUSElobkxEVlYxR2djbGtNeUNGdXFYNk1qZUVWVXlCNFJxS1JvYkI1MTRxa21ZSGdSdUx6emdLcnRSMFdFSy9wMUFwejZRT1RSb05GMVhGK0Y2aitESjBqRFhaV0xveHl0V1hrTjJ4cUJiVmRjNXVGTEE0d1U2L2dFYWp5ZWJTOWFyaDRuWTBNWThsUHBxRE1KTVlRNVQxNVUwdGprdVk3UWtXTnIvMGhGelZneWRaRFRyb2puY2FpSmd1Wm5kRGhjK2NUS3V1OEdKanlkUW9BcUJ5WGNSbnBIS0s0Y3lYZ2JUNjJFUllqVUtYcVVFWmFURlh0dGdyanR5Y2Q5VTM0L3k0dG5TUTYybS9vanIvUjJLaDE4cnhpSTRCWjY5ZitFQ0F3RUFBYU9CeGpDQnd6QWZCZ05WSFNNRUdEQVdnQlJjS21RYldSSU82bkNBSVJRNFVxMEl5ZW1XZ0RBT0JnTlZIUThCQWY4RUJBTUNCNEF3SUFZRFZSMGxCQmt3RndZSUt3WUJCUVVIQXdNR0MyQ0dTQUdHK0VVQkNEUUJNRUVHQTFVZEh3UTZNRGd3TnFBMG9ES0dNR2gwZEhBNkx5OWpjbXd1WjJWdmRISjFjM1F1WTI5dEwyTnliSE12YlhObWRHVnVkRzF2WW1sc1pXTmhMbU55YkRBTUJnTlZIUk1CQWY4RUFqQUFNQjBHQTFVZERnUVdCQlFKQk1lRmYvdUIxeFZHcTVESTluYm9ZTnE2bXpBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQUhRV0dzQmpjcWRoK2F6QjJ0MGxXREJJMWFJRTZVZlQ5cjJUYktBN2pkdjRzdk5KRGIrcy9mTit2ZXMydFJqV25YaDZIS0xacVNkbFpUT3NodzIxV1UxNEE1bUlNNnRMNVdGL1F6dll5aU5HTHAwU1VNa2pSdXpFRDlaT0RrSElkV21Ca0FDS1pGWE92ajQ2TWxPVGZLYVJQdXZPR1NEYktkbGRVY3dWalR3UWpnbHpTY05hUjROL3l0M2FsRUUxQ01jZXJjYUpFZ2xITmpsc0svUFZkMGFTU1YzeHRhNmNvTHBURFlFVlB4bjJ4QnVQd21JeHJ6VHh1QkhUMmNSakN3WDhobC9kRkFxSC94YzBQWFQzbEFVbzZDMDY2b2lEZ3JTQ1gwYUhGcVlTZjROZVNselQ5NFdZTWsrblEwdFBLclVvV2p2N1d1UTlWSUsrMzhmQm5HUT09PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PC9BRVQ+"/>
    </characteristic>
  </characteristic>
</wap-provisioningdoc>
Link to app
http://bit.ly/19fnUyO

It also offers the source code:
http://apps.windowsstore.com/DashBo...4ab6a18?version=59091.elpplk&resource=sources

The file is named WPAppStudio.xap



THIS JUST ADDS MICROSOFT CORPORATION AS A COMPANY ACCOUNT AND DEPLOYS AN XAP BASED ON IT.
So, this isn't really good news. Back to looking at a company account exploit?
 
Last edited:
IzaacJ

IzaacJ

Inactive Recognized Developer
Sep 2, 2008
688
91
0
31
Eskilstuna
izaacj.github.io
Aug 9, 2013 at 3:28 PM
thals1992 said:
Finally got mine a few hours ago. Haven't got very deep in it yet, but the templates are convenient.

---------- Post added at 10:49 PM ---------- Previous post was at 10:35 PM ----------



Here's the output of an almost empty app.



links to dowappdiagnostics.blob.com/aet/AET.aetx
Code: 
<wap-provisioningdoc>
  <characteristic type="EnterpriseAppManagement">
    <characteristic type="5342258">
      <parm datatype="string" name="EnrollmentToken" value="PEFFVD48RW50ZXJwcmlzZUlkIFZhbHVlPSI1MzQyMjU4IiAvPjxTaWduYXR1cmUgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPjxTaWduZWRJbmZvPjxDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMjAwMS9SRUMteG1sLWMxNG4tMjAwMTAzMTUiIC8+PFNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlI3JzYS1zaGEyNTYiIC8+PFJlZmVyZW5jZSBVUkk9IiI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIiAvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2IiAvPjxEaWdlc3RWYWx1ZT5qbVBocDJSTjAydEoxWkJILzVyS0kzVk9tWjNDTmVHOG02bVVIbCtNNkNvPTwvRGlnZXN0VmFsdWU+PC9SZWZlcmVuY2U+PC9TaWduZWRJbmZvPjxTaWduYXR1cmVWYWx1ZT5OcXlEQ3Qvb0RUb3JIOFBrYlJHNDZNRFpVcTNreWhod1ZEQW5ocUtoYTYxSzhhcEk3SzNkNEJTcmQ1SXFaQVdraEMvRTFmNThRWWF4QWhRaEtPajRhdUxNNG5RaHowNis2OU96em84Q1RYMERjYUxJNHJWWXh4VGdvdXRWSzBnVkc1bVU4c0trZjQ3VmhGSnd4ZndPRHNwdGp1cmZyODNUVFN6OEJjZDlydW9ORGpZV25QWU9wTU9rRnZuNEFVb3hBdzE5M3BjYWsrZmV5c29udEN0cUw2OUNVRUEwTXhTczBXdGVxVkdLVWphd3JPSlJ5SVE3UkFLV1hxZnl3RDVQUS91M0h0REZBRDBGVXgxRDlkZ2VYWlQyZzZIZUxxZkVmdkxCcXY0cHA2ZjZFVXJ4RDVFNkNIV1lXWE9FZnVSbmZVaUFNS2dwZnIrMTBHMUJRZlphQUE9PTwvU2lnbmF0dXJlVmFsdWU+PEtleUluZm8+PFg1MDlEYXRhPjxYNTA5U3ViamVjdE5hbWU+Q0E8L1g1MDlTdWJqZWN0TmFtZT48WDUwOUNlcnRpZmljYXRlPk1JSUVTRENDQXpDZ0F3SUJBZ0lRTWYyNzRvTTRBRDkvS09ZV1lCWDB6akFOQmdrcWhraUc5dzBCQVFzRkFEQmtNUXN3Q1FZRFZRUUdFd0pWVXpFZE1Cc0dBMVVFQ2hNVVUzbHRZVzUwWldNZ1EyOXljRzl5WVhScGIyNHhOakEwQmdOVkJBTVRMVk41YldGdWRHVmpJRVZ1ZEdWeWNISnBjMlVnVFc5aWFXeGxJRkp2YjNRZ1ptOXlJRTFwWTNKdmMyOW1kREFlRncweE1qQXpNVFV3TURBd01EQmFGdzB5TnpBek1UUXlNelU1TlRsYU1JR1NNUXN3Q1FZRFZRUUdFd0pWVXpFZE1Cc0dBMVVFQ2hNVVUzbHRZVzUwWldNZ1EyOXljRzl5WVhScGIyNHhMakFzQmdOVkJBc1RKVmRwYm1SdmQzTWdVR2h2Ym1VZ1JXNTBaWEp3Y21selpTQkJjSEJzYVdOaGRHbHZibk14TkRBeUJnTlZCQU1USzFONWJXRnVkR1ZqSUVWdWRHVnljSEpwYzJVZ1RXOWlhV3hsSUVOQklHWnZjaUJOYVdOeWIzTnZablF3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ3lhVWxNM1VLUW1QNnF5RzdwM0g1bjh0MXpnb3BhUUMrMTVlQlhDaUdXZVJQelIzNFlWeHpvODBSWVlpMHJmMEt0TzlmazVlbTk3ZUw0Y3pRT2hVUE1xK3d0OXQwTEREZjBCcFM3OVlXK0N2SFZwazNCaHlEZTZMai9MaUJSSWY2RWMrRUdjMXNhLy84NVE1eUlxT1RkMU5RQWJBY1oxeDlHOTI1a2RYS24zajZUNTdqNWErNXlQQng5elo0SnNCdm0rc0F6SnI0Mzd5Y2hrK2pwd3BONUJMTFdGMkdLbkVGWGxjSllQYmVvSXlJZkZxa3cxYUpQVGd1cmswWEpnVklXWmozVE1IdHcrcms0dEgxMGIwTmVscFJaRndhLzQ4c1ZmTHE1b1BIS2ZpNFNrUjZmcjRiQWZqQ2R1Z0pyOGJ5NHlpL3dxWUVGMm4zVDJiKzJwZGtsQWdNQkFBR2pnY1l3Z2NNd0VnWURWUjBUQVFIL0JBZ3dCZ0VCL3dJQkFEQkZCZ05WSFI4RVBqQThNRHFnT0tBMmhqUm9kSFJ3T2k4dlkzSnNMbWRsYjNSeWRYTjBMbU52YlM5amNteHpMMjF6Wm5SbGJuUnRiMkpwYkdWeWIyOTBZMkV1WTNKc01CWUdBMVVkSlFRUE1BMEdDMkNHU0FHRytFVUJDRFFCTUE0R0ExVWREd0VCL3dRRUF3SUJCakFkQmdOVkhRNEVGZ1FVWENwa0cxa1NEdXB3Z0NFVU9GS3RDTW5wbG9Bd0h3WURWUjBqQkJnd0ZvQVVUZXpmSmdiY0pCREF0cG4wMXpuSGJ4bjRKaWd3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCQUR4V0dkVTB5dHpOd2ZZbEhmMy8rTDNoYkJNZG1XTnNnNktBS2pDQnY4a2d2SDk3b0xXZTE1c01mSG1RNGo5ZVErMDJpdVpFV1FRU0ZZV0xTd0gxTm5WbHpIK1MzMDV4bFFlTVFEVWxVMWxoZGpOeUpXYlFlR0J0OFZZa09JQ005L1pUdm5yMm1YdVpsVHR4eHE4V2U4WTUyK2VaK0Y1R2QrSjBIYmZkYmF3YVhVYXF4L1FnQ3d6TTM4cW9pQld4d2JQZXRXbk83OHhjMmdlYjdSMzBia3hTUXJMTTRFVGNTanhIb3AwaC9JQVdVZUhIcHh3Y29tWkt5NzV1UEllLzJlTnZtcFZLb0dEb0pJOHB6YlNOaDZDMUxLMUZ5ZDNrYXhiQVZKcGVLcFVJSk9Ka0RubzM0bG9hOStZa1BRc1ZIRjI2TVVLQ1BRMHYxdTdqNGY1V3c0cz08L1g1MDlDZXJ0aWZpY2F0ZT48L1g1MDlEYXRhPjxYNTA5RGF0YT48WDUwOUNlcnRpZmljYXRlPk1JSUVMekNDQXhlZ0F3SUJBZ0lDQWFFd0RRWUpLb1pJaHZjTkFRRUxCUUF3Z1pJeEN6QUpCZ05WQkFZVEFsVlRNUjB3R3dZRFZRUUtFeFJUZVcxaGJuUmxZeUJEYjNKd2IzSmhkR2x2YmpFdU1Dd0dBMVVFQ3hNbFYybHVaRzkzY3lCUWFHOXVaU0JGYm5SbGNuQnlhWE5sSUVGd2NHeHBZMkYwYVc5dWN6RTBNRElHQTFVRUF4TXJVM2x0WVc1MFpXTWdSVzUwWlhKd2NtbHpaU0JOYjJKcGJHVWdRMEVnWm05eUlFMXBZM0p2YzI5bWREQWVGdzB4TXpBMk1EZ3hOalE1TXpoYUZ3MHhOREEyTVRJd09URTNOVGRhTUZreEhqQWNCZ05WQkFzVEZVMXBZM0p2YzI5bWRDQkRiM0p3YjNKaGRHbHZiakVlTUJ3R0ExVUVBeE1WVFdsamNtOXpiMlowSUVOdmNuQnZjbUYwYVc5dU1SY3dGUVlLQ1pJbWlaUHlMR1FCQVJNSE5UTTBNakkxT0RDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTVJ3RG1kQzBkM1lGUXNON2FVZnd3WHA1T2RINGYrYlVmWlJMZHlrS2tUS3MyZVFGTHRRL3pUSElobkxEVlYxR2djbGtNeUNGdXFYNk1qZUVWVXlCNFJxS1JvYkI1MTRxa21ZSGdSdUx6emdLcnRSMFdFSy9wMUFwejZRT1RSb05GMVhGK0Y2aitESjBqRFhaV0xveHl0V1hrTjJ4cUJiVmRjNXVGTEE0d1U2L2dFYWp5ZWJTOWFyaDRuWTBNWThsUHBxRE1KTVlRNVQxNVUwdGprdVk3UWtXTnIvMGhGelZneWRaRFRyb2puY2FpSmd1Wm5kRGhjK2NUS3V1OEdKanlkUW9BcUJ5WGNSbnBIS0s0Y3lYZ2JUNjJFUllqVUtYcVVFWmFURlh0dGdyanR5Y2Q5VTM0L3k0dG5TUTYybS9vanIvUjJLaDE4cnhpSTRCWjY5ZitFQ0F3RUFBYU9CeGpDQnd6QWZCZ05WSFNNRUdEQVdnQlJjS21RYldSSU82bkNBSVJRNFVxMEl5ZW1XZ0RBT0JnTlZIUThCQWY4RUJBTUNCNEF3SUFZRFZSMGxCQmt3RndZSUt3WUJCUVVIQXdNR0MyQ0dTQUdHK0VVQkNEUUJNRUVHQTFVZEh3UTZNRGd3TnFBMG9ES0dNR2gwZEhBNkx5OWpjbXd1WjJWdmRISjFjM1F1WTI5dEwyTnliSE12YlhObWRHVnVkRzF2WW1sc1pXTmhMbU55YkRBTUJnTlZIUk1CQWY4RUFqQUFNQjBHQTFVZERnUVdCQlFKQk1lRmYvdUIxeFZHcTVESTluYm9ZTnE2bXpBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQUhRV0dzQmpjcWRoK2F6QjJ0MGxXREJJMWFJRTZVZlQ5cjJUYktBN2pkdjRzdk5KRGIrcy9mTit2ZXMydFJqV25YaDZIS0xacVNkbFpUT3NodzIxV1UxNEE1bUlNNnRMNVdGL1F6dll5aU5HTHAwU1VNa2pSdXpFRDlaT0RrSElkV21Ca0FDS1pGWE92ajQ2TWxPVGZLYVJQdXZPR1NEYktkbGRVY3dWalR3UWpnbHpTY05hUjROL3l0M2FsRUUxQ01jZXJjYUpFZ2xITmpsc0svUFZkMGFTU1YzeHRhNmNvTHBURFlFVlB4bjJ4QnVQd21JeHJ6VHh1QkhUMmNSakN3WDhobC9kRkFxSC94YzBQWFQzbEFVbzZDMDY2b2lEZ3JTQ1gwYUhGcVlTZjROZVNselQ5NFdZTWsrblEwdFBLclVvV2p2N1d1UTlWSUsrMzhmQm5HUT09PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PC9BRVQ+"/>
    </characteristic>
  </characteristic>
</wap-provisioningdoc>
Link to app
http://bit.ly/19fnUyO

It also offers the source code:
http://apps.windowsstore.com/DashBo...4ab6a18?version=59091.elpplk&resource=sources

The file is named WPAppStudio.xap



THIS JUST ADDS MICROSOFT CORPORATION AS A COMPANY ACCOUNT AND DEPLOYS AN XAP BASED ON IT.
So, this isn't really good news. Back to looking at a company account exploit?
Click to expand...
It might be possible to find an exploit in the XAP installer that installs the XAPs from the browser, and use that to install an app with higher privileges, and accessing the filesystem and/or the registry with full access?
 
G

GoodDayToDie

Inactive Recognized Developer
Jan 20, 2011
6,066
2,930
0
Seattle
Aug 9, 2013 at 6:58 PM
Actually, that's pretty good. Company apps have lower restrictions, and are easier to install. Also, that's a provxml document... we should see if we can modify it and get it to do anything else interesting for us!
 
snickler

snickler

Retired Forum Moderator / Inactive Recognized Deve
Aug 17, 2010
1,320
1,130
0
Dub V
www.sinclairinat0r.com
Aug 9, 2013 at 8:58 PM
IzaacJ said:
@GoodDayToDie, @snickler I'm gonna try to use fiddler to redirect that request to my own server with an edited file and see what happens. Going to start with setting the MaxUnsignedApp value. Wish me luck ;)
Click to expand...
Ohhh please tell me how this works out! I wanted to do the same thing, but I have to wait for MS to get back with my invitation code.

Best of luck!
 
IzaacJ

IzaacJ

Inactive Recognized Developer
Sep 2, 2008
688
91
0
31
Eskilstuna
izaacj.github.io
Aug 9, 2013 at 9:37 PM
Last edited:
You must log in or register to reply here.

New posts

Our Apps
Get our official app!
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone