Microsoft offering free unlocks, 2 app sideload limit

WithinRafael

Microsoft just announced today that Windows Phone developers can now unlock their devices for free, with a 2-app sideload limit. Those needing higher limits can grab an account for cheap during the summer ($19 USD).

Just use your Microsoft account with the Windows Phone Developer Registration tool and you should be off and running.

> Beginning today we are simplifying the developer phone registration process. Now, any developer can unlock and register 1 phone to load up to 2 apps. Registered developers with Dev Center accounts continue to have the option to unlock up to 3 phones and upload up to 10 apps on each.
 

thals1992

> Microsoft just announced today that Windows Phone developers can now unlock their devices for free, with a 2-app sideload limit. Those needing higher limits can grab an account for cheap during the summer ($19 USD).
>
> Just use your Microsoft account with the Windows Phone Developer Registration tool and you should be off and running.

That's awesome news! That gets rid of the need for Chevron mods for all those WP7 people and that makes it easy to test WP8 apps.
 

IzaacJ

This whole thing got me thinking, there might be some way to "abuse" the XAP installer that processes the XAP, since the XAP is downloaded straight from the browser.
Hopefully there are some vulnerabilities in the installer.
 

GoodDayToDie

Not sure what you mean by "the XAP is downloaded straight from the browser" - Store apps are downloaded over HTTP (HTTPS actually, with cert pinning to boot) but the only apps I've seen actually install if they were downloaded from a web browser (or via email attachment, or sent using Bluetooth) are company / LOB apps, not store apps or unsigned (homebrew/development) apps.

That said, the XAPs do get processed by the installer (and rejected) anyhow. It's possible there's a vulnerability in that check process; is that what you're thinking of? If so, I don't believe it has anything to do with the news in this thread in particular (although it *might* help to have dev-unlock enabled) but it's a worthwhile path of exploration anyhow. The XAP installer is one of the relatively few parts of the system that has fairly high permissions but is easily attackable. Of course, that means MS will have reviewed and fuzz tested the hell out of it, but we can hope...
 

IzaacJ

> Not sure what you mean by "the XAP is downloaded straight from the browser" - Store apps are downloaded over HTTP (HTTPS actually, with cert pinning to boot) but the only apps I've seen actually install if they were downloaded from a web browser (or via email attachment, or sent using Bluetooth) are company / LOB apps, not store apps or unsigned (homebrew/development) apps.
>
> That said, the XAPs do get processed by the installer (and rejected) anyhow. It's possible there's a vulnerability in that check process; is that what you're thinking of? If so, I don't believe it has anything to do with the news in this thread in particular (although it *might* help to have dev-unlock enabled) but it's a worthwhile path of exploration anyhow. The XAP installer is one of the relatively few parts of the system that has fairly high permissions but is easily attackable. Of course, that means MS will have reviewed and fuzz tested the hell out of it, but we can hope...

The XAPs developed in App Studio are downloaded in the browser on the phone, not from the store, which could prove to be a vulnerability, but there might be cert pinning since App Studio apps require you to install a certificate first. Hopefully someone with more knowledge, like you, could look at it. Just prep a simple app in App Studio and go through the process and see what you'll be able to find.
Maybe Fiddler might help to determine if any cert pinning is done?
 

GoodDayToDie

Ah sorry, I wasn't looking at App Studio. I will investigate... but unless they're giving us access to the signing key, or raw access to the XAP, it probably won't work for anything *too* exciting. Still, if it's a way to install signed apps that we write ourselves (to any meaningful degree), there's hope...
 

IzaacJ

> Ah sorry, I wasn't looking at App Studio. I will investigate... but unless they're giving us access to the signing key, or raw access to the XAP, it probably won't work for anything *too* exciting. Still, if it's a way to install signed apps that we write ourselves (to any meaningful degree), there's hope...

If I've understood it correctly, there is a possibility to make changes to the XAP.

> Note this tool is browser driven - no Windows 8 machine required - if you're not going to modify the source code that is. There are plans on the way for more goodies, so keep posted.
- Source
 

GoodDayToDie

Cool. Looks like I need to send a request to get into the beta. I should do that... see what I get back. If the XAPs aren't signed, they probably won't be useful for breaking anything but the interaction with the browser might be interesting. If they are signed...
 

IzaacJ

> Cool. Looks like I need to send a request to get into the beta. I should do that... see what I get back. If the XAPs aren't signed, they probably won't be useful for breaking anything but the interaction with the browser might be interesting. If they are signed...

I didn't have to sign up for the beta, think I could use it right away since I'm a registered dev. Just signed in with my dev account and tried it out right away.
 

thals1992

How the Windows Phone App Studio deploys

> Awwman! I sent the request more than 24 hours ago and I still haven't received any emails. Also I'm a registered dreamspark dev, but that expired March.

Finally got mine a few hours ago. Haven't got very deep in it yet, but the templates are convenient.

---------- Post added at 10:49 PM ---------- Previous post was at 10:35 PM ----------

> The XAPs developed in App Studio are downloaded in the browser on the phone, not from the store, which could prove to be a vulnerability, but there might be cert pinning since App Studio apps require you to install a certificate first. Hopefully someone with more knowledge, like you, could look at it. Just prep a simple app in App Studio and go through the process and see what you'll be able to find.
> Maybe Fiddler might help to determine if any cert pinning is done?

Here's the output of an almost empty app.


> First things first
>
> Remember you have to install the Certificate we sent you via Email.
links to dowappdiagnostics.blob.com/aet/AET.aetx
Code:
<wap-provisioningdoc>
  <characteristic type="EnterpriseAppManagement">
    <characteristic type="5342258">
      <parm datatype="string" name="EnrollmentToken" value="PEFFVD48RW50ZXJwcmlzZUlkIFZhbHVlPSI1MzQyMjU4IiAvPjxTaWduYXR1cmUgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPjxTaWduZWRJbmZvPjxDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMjAwMS9SRUMteG1sLWMxNG4tMjAwMTAzMTUiIC8+PFNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlI3JzYS1zaGEyNTYiIC8+PFJlZmVyZW5jZSBVUkk9IiI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIiAvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2IiAvPjxEaWdlc3RWYWx1ZT5qbVBocDJSTjAydEoxWkJILzVyS0kzVk9tWjNDTmVHOG02bVVIbCtNNkNvPTwvRGlnZXN0VmFsdWU+PC9SZWZlcmVuY2U+PC9TaWduZWRJbmZvPjxTaWduYXR1cmVWYWx1ZT5OcXlEQ3Qvb0RUb3JIOFBrYlJHNDZNRFpVcTNreWhod1ZEQW5ocUtoYTYxSzhhcEk3SzNkNEJTcmQ1SXFaQVdraEMvRTFmNThRWWF4QWhRaEtPajRhdUxNNG5RaHowNis2OU96em84Q1RYMERjYUxJNHJWWXh4VGdvdXRWSzBnVkc1bVU4c0trZjQ3VmhGSnd4ZndPRHNwdGp1cmZyODNUVFN6OEJjZDlydW9ORGpZV25QWU9wTU9rRnZuNEFVb3hBdzE5M3BjYWsrZmV5c29udEN0cUw2OUNVRUEwTXhTczBXdGVxVkdLVWphd3JPSlJ5SVE3UkFLV1hxZnl3RDVQUS91M0h0REZBRDBGVXgxRDlkZ2VYWlQyZzZIZUxxZkVmdkxCcXY0cHA2ZjZFVXJ4RDVFNkNIV1lXWE9FZnVSbmZVaUFNS2dwZnIrMTBHMUJRZlphQUE9PTwvU2lnbmF0dXJlVmFsdWU+PEtleUluZm8+PFg1MDlEYXRhPjxYNTA5U3ViamVjdE5hbWU+Q0E8L1g1MDlTdWJqZWN0TmFtZT48WDUwOUNlcnRpZmljYXRlPk1JSUVTRENDQXpDZ0F3SUJBZ0lRTWYyNzRvTTRBRDkvS09ZV1lCWDB6akFOQmdrcWhraUc5dzBCQVFzRkFEQmtNUXN3Q1FZRFZRUUdFd0pWVXpFZE1Cc0dBMVVFQ2hNVVUzbHRZVzUwWldNZ1EyOXljRzl5WVhScGIyNHhOakEwQmdOVkJBTVRMVk41YldGdWRHVmpJRVZ1ZEdWeWNISnBjMlVnVFc5aWFXeGxJRkp2YjNRZ1ptOXlJRTFwWTNKdmMyOW1kREFlRncweE1qQXpNVFV3TURBd01EQmFGdzB5TnpBek1UUXlNelU1TlRsYU1JR1NNUXN3Q1FZRFZRUUdFd0pWVXpFZE1Cc0dBMVVFQ2hNVVUzbHRZVzUwWldNZ1EyOXljRzl5WVhScGIyNHhMakFzQmdOVkJBc1RKVmRwYm1SdmQzTWdVR2h2Ym1VZ1JXNTBaWEp3Y21selpTQkJjSEJzYVdOaGRHbHZibk14TkRBeUJnTlZCQU1USzFONWJXRnVkR1ZqSUVWdWRHVnljSEpwYzJVZ1RXOWlhV3hsSUVOQklHWnZjaUJOYVdOeWIzTnZablF3Z2dFaU1BMEdD
U3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ3lhVWxNM1VLUW1QNnF5RzdwM0g1bjh0MXpnb3BhUUMrMTVlQlhDaUdXZVJQelIzNFlWeHpvODBSWVlpMHJmMEt0TzlmazVlbTk3ZUw0Y3pRT2hVUE1xK3d0OXQwTEREZjBCcFM3OVlXK0N2SFZwazNCaHlEZTZMai9MaUJSSWY2RWMrRUdjMXNhLy84NVE1eUlxT1RkMU5RQWJBY1oxeDlHOTI1a2RYS24zajZUNTdqNWErNXlQQng5elo0SnNCdm0rc0F6SnI0Mzd5Y2hrK2pwd3BONUJMTFdGMkdLbkVGWGxjSllQYmVvSXlJZkZxa3cxYUpQVGd1cmswWEpnVklXWmozVE1IdHcrcms0dEgxMGIwTmVscFJaRndhLzQ4c1ZmTHE1b1BIS2ZpNFNrUjZmcjRiQWZqQ2R1Z0pyOGJ5NHlpL3dxWUVGMm4zVDJiKzJwZGtsQWdNQkFBR2pnY1l3Z2NNd0VnWURWUjBUQVFIL0JBZ3dCZ0VCL3dJQkFEQkZCZ05WSFI4RVBqQThNRHFnT0tBMmhqUm9kSFJ3T2k4dlkzSnNMbWRsYjNSeWRYTjBMbU52YlM5amNteHpMMjF6Wm5SbGJuUnRiMkpwYkdWeWIyOTBZMkV1WTNKc01CWUdBMVVkSlFRUE1BMEdDMkNHU0FHRytFVUJDRFFCTUE0R0ExVWREd0VCL3dRRUF3SUJCakFkQmdOVkhRNEVGZ1FVWENwa0cxa1NEdXB3Z0NFVU9GS3RDTW5wbG9Bd0h3WURWUjBqQkJnd0ZvQVVUZXpmSmdiY0pCREF0cG4wMXpuSGJ4bjRKaWd3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCQUR4V0dkVTB5dHpOd2ZZbEhmMy8rTDNoYkJNZG1XTnNnNktBS2pDQnY4a2d2SDk3b0xXZTE1c01mSG1RNGo5ZVErMDJpdVpFV1FRU0ZZV0xTd0gxTm5WbHpIK1MzMDV4bFFlTVFEVWxVMWxoZGpOeUpXYlFlR0J0OFZZa09JQ005L1pUdm5yMm1YdVpsVHR4eHE4V2U4WTUyK2VaK0Y1R2QrSjBIYmZkYmF3YVhVYXF4L1FnQ3d6TTM4cW9pQld4d2JQZXRXbk83OHhjMmdlYjdSMzBia3hTUXJMTTRFVGNTanhIb3AwaC9JQVdVZUhIcHh3Y29tWkt5NzV1UEllLzJlTnZtcFZLb0dEb0pJOHB6YlNOaDZDMUxLMUZ5ZDNrYXhiQVZKcGVLcFVJSk9Ka0RubzM0bG9hOStZa1BRc1ZIRjI2TVVLQ1BRMHYxdTdqNGY1V3c0cz08L1g1MDlDZXJ0aWZpY2F0ZT48L1g1MDlEYXRhPjxYNTA5RGF0YT48WDUwOUNlcnRpZmljYXRlPk1JSUVMekNDQXhlZ0F3SUJBZ0lDQWFFd0RRWUpLb1pJaHZjTkFRRUxCUUF3Z1pJeEN6QUpCZ05WQkFZVEFsVlRNUjB3R3dZRFZRUUtFeFJUZVcxaGJuUmxZeUJEYjNKd2IzSmhkR2x2YmpFdU1Dd0dBMVVFQ3hNbFYybHVaRzkzY3lCUWFHOXVaU0JGYm5SbGNuQnlhWE5sSUVGd2NHeHBZMkYwYVc5dWN6RTBNRElHQTFVRUF4TXJVM2x0WVc1MFpXTWdSVzUwWlhKd2NtbHpaU0JOYjJKcGJHVWdRMEVnWm05eUlFMXBZM0p2YzI5bWREQWVGdzB4TXpBMk1EZ3hOalE1TXpoYUZ3MHhOREEyTVRJd09URTNOVGRhTUZreEhqQWNCZ05WQkFzVEZVMXBZM0p2YzI5bWRDQkRiM0p3YjNKaGRHbHZiakVlTUJ3R0ExVUVBeE1WVFdsamNtOXpiMlowSUVOdmNuQnZjbUYwYVc5dU1SY3dGUVlLQ1pJbWlaUHlMR1FCQVJNSE5UTTBNakkxT0RDQ0FTSXdEUVlKS29aSWh2Y05B
UUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTVJ3RG1kQzBkM1lGUXNON2FVZnd3WHA1T2RINGYrYlVmWlJMZHlrS2tUS3MyZVFGTHRRL3pUSElobkxEVlYxR2djbGtNeUNGdXFYNk1qZUVWVXlCNFJxS1JvYkI1MTRxa21ZSGdSdUx6emdLcnRSMFdFSy9wMUFwejZRT1RSb05GMVhGK0Y2aitESjBqRFhaV0xveHl0V1hrTjJ4cUJiVmRjNXVGTEE0d1U2L2dFYWp5ZWJTOWFyaDRuWTBNWThsUHBxRE1KTVlRNVQxNVUwdGprdVk3UWtXTnIvMGhGelZneWRaRFRyb2puY2FpSmd1Wm5kRGhjK2NUS3V1OEdKanlkUW9BcUJ5WGNSbnBIS0s0Y3lYZ2JUNjJFUllqVUtYcVVFWmFURlh0dGdyanR5Y2Q5VTM0L3k0dG5TUTYybS9vanIvUjJLaDE4cnhpSTRCWjY5ZitFQ0F3RUFBYU9CeGpDQnd6QWZCZ05WSFNNRUdEQVdnQlJjS21RYldSSU82bkNBSVJRNFVxMEl5ZW1XZ0RBT0JnTlZIUThCQWY4RUJBTUNCNEF3SUFZRFZSMGxCQmt3RndZSUt3WUJCUVVIQXdNR0MyQ0dTQUdHK0VVQkNEUUJNRUVHQTFVZEh3UTZNRGd3TnFBMG9ES0dNR2gwZEhBNkx5OWpjbXd1WjJWdmRISjFjM1F1WTI5dEwyTnliSE12YlhObWRHVnVkRzF2WW1sc1pXTmhMbU55YkRBTUJnTlZIUk1CQWY4RUFqQUFNQjBHQTFVZERnUVdCQlFKQk1lRmYvdUIxeFZHcTVESTluYm9ZTnE2bXpBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQUhRV0dzQmpjcWRoK2F6QjJ0MGxXREJJMWFJRTZVZlQ5cjJUYktBN2pkdjRzdk5KRGIrcy9mTit2ZXMydFJqV25YaDZIS0xacVNkbFpUT3NodzIxV1UxNEE1bUlNNnRMNVdGL1F6dll5aU5HTHAwU1VNa2pSdXpFRDlaT0RrSElkV21Ca0FDS1pGWE92ajQ2TWxPVGZLYVJQdXZPR1NEYktkbGRVY3dWalR3UWpnbHpTY05hUjROL3l0M2FsRUUxQ01jZXJjYUpFZ2xITmpsc0svUFZkMGFTU1YzeHRhNmNvTHBURFlFVlB4bjJ4QnVQd21JeHJ6VHh1QkhUMmNSakN3WDhobC9kRkFxSC94YzBQWFQzbEFVbzZDMDY2b2lEZ3JTQ1gwYUhGcVlTZjROZVNselQ5NFdZTWsrblEwdFBLclVvV2p2N1d1UTlWSUsrMzhmQm5HUT09PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PC9BRVQ+"/>
    </characteristic>
  </characteristic>
</wap-provisioningdoc>
Link to app
http://bit.ly/19fnUyO

It also offers the source code:
http://apps.windowsstore.com/DashBo...4ab6a18?version=59091.elpplk&resource=sources

The file is named WPAppStudio.xap



THIS JUST ADDS MICROSOFT CORPORATION AS A COMPANY ACCOUNT AND DEPLOYS AN XAP BASED ON IT.
So, this isn't really good news. Back to looking at a company account exploit?
 
Last edited:
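
A reader-side check of the provisioning document posted above, as an added example that is not code from the thread. It assumes the `EnrollmentToken` value is base64 of an `<AET>` element carrying an `EnterpriseId` and an XML-DSig `Signature`; the sample document, its IDs and the function names are constructed for illustration, and the code reads the fields without validating the signature.

```python
import base64
import xml.etree.ElementTree as ET

DSIG = "{http://www.w3.org/2000/09/xmldsig#}"

def parse_no_dtd(text):
    """Parse XML but refuse DTDs, which enable entity-expansion attacks."""
    if "<!DOCTYPE" in text or "<!ENTITY" in text:
        raise ValueError("DTD/entity declarations are not allowed")
    return ET.fromstring(text)

def inspect_token(b64_value):
    """Decode an EnrollmentToken (assumed: base64 of a signed <AET> element)."""
    # Tolerate line breaks inside the attribute value, reject other junk.
    raw = base64.b64decode("".join(b64_value.split()), validate=True)
    aet = parse_no_dtd(raw.decode("utf-8"))
    ent = aet.find("EnterpriseId")
    sig = aet.find(DSIG + "Signature")
    method = None if sig is None else sig.find(f"{DSIG}SignedInfo/{DSIG}SignatureMethod")
    return {
        "enterprise_id": None if ent is None else ent.get("Value"),
        "signed": sig is not None,  # presence only; no cryptographic check here
        "signature_method": None if method is None else method.get("Algorithm"),
        "cert_count": 0 if sig is None else len(list(sig.iter(DSIG + "X509Certificate"))),
    }

def inspect_aetx(doc_text):
    """Summarise what a wap-provisioningdoc would enrol the device into."""
    root = parse_no_dtd(doc_text)
    if root.tag != "wap-provisioningdoc":
        raise ValueError("not a wap-provisioningdoc")
    report = {"enrollments": [], "warnings": []}
    for top in root.findall("characteristic"):
        if top.get("type") != "EnterpriseAppManagement":
            report["warnings"].append(f"unexpected characteristic: {top.get('type')}")
            continue
        for ent in top.findall("characteristic"):
            for parm in ent.findall("parm"):
                if parm.get("name") != "EnrollmentToken":
                    report["warnings"].append(f"unexpected parm: {parm.get('name')}")
                    continue
                info = inspect_token(parm.get("value", ""))
                report["enrollments"].append(info)
                if not info["signed"]:
                    report["warnings"].append("token carries no signature")
                if info["enterprise_id"] != ent.get("type"):
                    report["warnings"].append(
                        f"outer id {ent.get('type')} != token id {info['enterprise_id']}")
    return report

def make_sample(outer_id, token_id, extra=""):
    """Constructed sample; signature fields are placeholders, not real values."""
    token = (
        f'<AET><EnterpriseId Value="{token_id}" />'
        '<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>'
        '<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />'
        '</SignedInfo><SignatureValue>PLACEHOLDER</SignatureValue>'
        '<KeyInfo><X509Data><X509Certificate>PLACEHOLDER</X509Certificate></X509Data>'
        '</KeyInfo></Signature></AET>')
    b64 = base64.b64encode(token.encode()).decode()
    return ('<wap-provisioningdoc><characteristic type="EnterpriseAppManagement">'
            f'<characteristic type="{outer_id}">'
            f'<parm datatype="string" name="EnrollmentToken" value="{b64}"/>'
            f'</characteristic></characteristic>{extra}</wap-provisioningdoc>')

if __name__ == "__main__":
    print(inspect_aetx(make_sample("1000001", "1000001")))
    print(inspect_aetx(make_sample("1000001", "2000002")))
```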

IzaacJ

> THIS JUST ADDS MICROSOFT CORPORATION AS A COMPANY ACCOUNT AND DEPLOYS AN XAP BASED ON IT.
> So, this isn't really good news. Back to looking at a company account exploit?

It might be possible to find an exploit in the XAP installer that installs the XAPs from the browser, and use that to install an app with higher privileges, and access the filesystem and/or the registry with full access?
 

GoodDayToDie

Actually, that's pretty good. Company apps have lower restrictions, and are easier to install. Also, that's a provxml document... we should see if we can modify it and get it to do anything else interesting for us!
 

snickler

> @GoodDayToDie, @snickler I'm gonna try to use fiddler to redirect that request to my own server with an edited file and see what happens. Going to start with setting the MaxUnsignedApp value. Wish me luck ;)

Ohhh please tell me how this works out! I wanted to do the same thing, but I have to wait for MS to get back with my invitation code.

Best of luck!
 
