Request to the Forum Moderators.

Status
Not open for further replies.
Search This thread

djamol

Senior Member
Jun 3, 2014
444
405
29
Pune
www.twitter.com
Just finished my engg. exam and i'm back as promised you before with my new hack and much more achievements.

So, my wish to the Forum Moderators to Remove this thread as per my request.
I'm doing a very Hard work on my Latest Hack at underground as a lonely.
I'll come back with Full Hacking achievements with the clean concept.

Hope, for your positive response. :)
and Sorry about editing post without other team member's permission and technical discussion.

Thank You.
 
Last edited:

matgras

Senior Member
Jun 2, 2012
2,231
318
This is some ground-breaking stuff.

I'm very interested to see what we are going to get from this.

Doees this mean that lumia phones can be-are interop unlocked?
 
  • Like
Reactions: snickler

GoodDayToDie

Inactive Recognized Developer
Jan 20, 2011
6,066
2,931
Seattle
Well, this is a potentially phenomenal breakthrough... Nice research!

Looks like it requires installing both apps to the SD card, correct? That means you need to have an SD card and WP8.1. That's still a heck of a lot more phones than we could unlock before!

Time to explore this...
 

djamol

Senior Member
Jun 3, 2014
444
405
29
Pune
www.twitter.com
Well, this is a potentially phenomenal breakthrough... Nice research!

Looks like it requires installing both apps to the SD card, correct? That means you need to have an SD card and WP8.1. That's still a heck of a lot more phones than we could unlock before!

Time to explore this...

Yes, Required SD Card but there no need to Deploy both apps. i mean now apps can be shared globally :D
We can shared app packages with the NI Images.

Edit:
I'm Also started to do investigation for Non-SD Card devices and i hope i'll get the success. because i'm 2 steps ahead there too :D (But it is very Hard to achieve, there is no success guarantee)
 
Last edited:

starsoccer9

Senior Member
Jun 8, 2009
103
7
Could you explain how I would do this using htc rather the a lumia device. I cant seem to figure it out.

Also you mentioned you can write to the registry. If that is true, then you should be able to make your device interop unlocked by setting the max apps to 99999
 

djamol

Senior Member
Jun 3, 2014
444
405
29
Pune
www.twitter.com
@snickler

Microsoft didn't developed any patch for SD Card.

I'm on latest build dp 8.10.14192.280 (known as Critical Update).
My another thought is get this method on running WP8.0 GDR3 firmware, having 8.1 developer preview and running WP8.0 App packages. It would be a nice as my prefer.
If you have any problem or confusion, then PM me. I'll be there.
 
  • Like
Reactions: ceesheim

GoodDayToDie

Inactive Recognized Developer
Jan 20, 2011
6,066
2,931
Seattle
We need a Nokia library that uses RPC or IOCTL to make registry changes, the more arbitrary the better. Something like Samsung's RPCComponent DLL. Working on it...
 

ngame

Senior Member
Mar 13, 2012
1,126
545
Mashad
We need a Nokia library that uses RPC or IOCTL to make registry changes, the more arbitrary the better. Something like Samsung's RPCComponent DLL. Working on it...

I can remember Extras + Info had a RPC
I don't have the xap file right now but you can easily check it by you interop unlocked L520 as well .
Hope can help you
 
Status
Not open for further replies.

Top Liked Posts

  • There are no posts matching your filters.
  • 29
    Just finished my engg. exam and i'm back as promised you before with my new hack and much more achievements.

    So, my wish to the Forum Moderators to Remove this thread as per my request.
    I'm doing a very Hard work on my Latest Hack at underground as a lonely.
    I'll come back with Full Hacking achievements with the clean concept.

    Hope, for your positive response. :)
    and Sorry about editing post without other team member's permission and technical discussion.

    Thank You.
    9
    SUCCESS !!!

    Do not update anything until & unless I release my new hack.
    7
    Well, this is a potentially phenomenal breakthrough... Nice research!

    Looks like it requires installing both apps to the SD card, correct? That means you need to have an SD card and WP8.1. That's still a heck of a lot more phones than we could unlock before!

    Time to explore this...

    Yes, Required SD Card but there no need to Deploy both apps. i mean now apps can be shared globally :D
    We can shared app packages with the NI Images.

    Edit:
    I'm Also started to do investigation for Non-SD Card devices and i hope i'll get the success. because i'm 2 steps ahead there too :D (But it is very Hard to achieve, there is no success guarantee)
    6
    I don't think you quite understand the problem. The libs work fine. They just aren't written for high-privilege access, so they don't do what it takes to get it. Here's how a normal native function call works in WP8:
    1) Managed (.NET) code calls a function in a .WINMD file.
    2) The .DLL corresponding to the .WINMD is loaded into the process address space, if not already present. The native function matching the one the program called is identified.
    3) The function's parameters are "Marshaled" into native code parameters, which (among other things) converts a .NET System.String object to a C++/CX Platform::String object.
    4) The native function is called, and executes within the process that called it. It has no more or less privileges than its caller. During this process, the native code may call other native code.
    5) The return value of the native function is marshaled back into managed types.
    6) The managed code receives the returned value and proceeds to do whatever its next instruction is.

    Note that every part of this happens inside the app's address space. Therefore, every part of it happens with the app's token (apps don't have enough privileges to impersonate, in case you were wondering). App tokens tend to have very little access. Some capabilities that are available to OEMs give extra access, but it's still basically just a whitelist of places you can reach. The ID_CAP_INTEROPSERVICES capability is a little different. It says that an app can make Remote Procedure Calls (RPC), which means the app can now tell other processes to do stuff, and that stuff gets done outside of the app and therefore with different privileges. Here's now that works:

    1-3) Same as above.
    4) The native function is called. Rather than executing the operation itself, it instead opens a connection to a particular RPC service, assuming such a connection isn't already open. The native code then marshals its parameters again, but instead of marshaling them for managed/native interop, it marshals them to be passed between processes.
    5) The native function uses a native Windows mechanism for communicating between processes (inter-process communication or IPC) to tell that RPC service "hey, call function X with these parameters" and passes the parameters.
    6) The native function - indeed, that whole thread of the app - stops executing for a while. On the RPC service, a thread that was waiting for an incoming call wakes up.
    7) The RPC service receives the request to run the function, and the parameters to run it with. The function begins executing within the RPC service, using the RPC service's security ID (usually SYSTEM, the Windows equivalent of "root").
    8) The RPC service completes execution and marshals the return value for passing back to our app, then passes it back over the channel that the request came from.
    9) The native code in the app, having received the result of executing the function, wakes up and marshals the response from the RPC server from native types to managed types.
    10) Same as #6 above.

    Those extra steps - sending the function over to the RPC service to have it executed under different privileges, and then waiting until the RPC service does so and sends the result back - are why some function calls run with much higher privileges than others. You can't just make a high-privilege copy of a library; first you need to even *find* a high-privilege RPC service that will run that function, then you need to write the code to open a connection to the service, pass it the function call, and receive the response. Nokia might not even *have* a RPC service that allows writing to arbitrary memory locations. If it does, there's no RPC client - the native library we have our app use - which will do that, so we would first need to find the RPC service and figure out how to call it, then write the RPC client to make the call. This is not impossible (assuming such a service really does exist) but it's not a simple thing. If that service doesn't exist at all, we are in trouble.

    There are still other cool things you can do with this kind of access. For example, some of the stuff that our registry tweaks do is in locations which an OEM app could write to, so we can hijack an OEM app's chamber to do that for us without worrying about RPC at all. This includes things like creating special accent colors, but not things like Full FS Access (that requires writing to places OEM apps can't even *read* unless they have an RPC service do it for them). It also expands the area we can search for other, better hacks. But it looks like HTC and Nokia may have been a step ahead of us even here.
    4
    @ngame: Capabilities are stored in the registry, but I'm not sure of *all* the ways and places they are stored. It's frustrating; trust me, I've been working on this for a while.
Our Apps
Get our official app!
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone