Request to the Forum Moderators.


djamol (Senior Member, Pune)
Just finished my engineering exam and I'm back, as promised, with my new hack and many more achievements.

So, my wish to the Forum Moderators is to remove this thread as per my request.
I'm doing very hard work on my latest hack, underground and alone.
I'll come back with full hacking achievements and a clean concept.

Hoping for your positive response. :)
And sorry about editing the post without the other team members' permission and technical discussion.

Thank you.

matgras (Senior Member)
This is some ground-breaking stuff.

I'm very interested to see what we are going to get from this.

Does this mean that Lumia phones can be / are interop unlocked?

GoodDayToDie (Inactive Recognized Developer, Seattle)
Well, this is a potentially phenomenal breakthrough... Nice research!

Looks like it requires installing both apps to the SD card, correct? That means you need to have an SD card and WP8.1. That's still a heck of a lot more phones than we could unlock before!

Time to explore this...
 

djamol (Senior Member, Pune)
Well, this is a potentially phenomenal breakthrough... Nice research!

Looks like it requires installing both apps to the SD card, correct? That means you need to have an SD card and WP8.1. That's still a heck of a lot more phones than we could unlock before!

Time to explore this...

Yes, an SD card is required, but there is no need to deploy both apps. I mean now apps can be shared globally :D
We can share app packages with the NI images.

Edit:
I've also started investigating non-SD card devices and I hope I'll get success, because I'm 2 steps ahead there too :D (But it is very hard to achieve; there is no success guarantee.)

starsoccer9 (Senior Member)
Could you explain how I would do this using an HTC rather than a Lumia device? I can't seem to figure it out.

Also, you mentioned you can write to the registry. If that is true, then you should be able to make your device interop unlocked by setting the max apps to 99999.

djamol (Senior Member, Pune)
@snickler

Microsoft didn't develop any patch for SD card.

I'm on the latest build, DP 8.10.14192.280 (known as the Critical Update).
My other thought is to get this method running on WP8.0 GDR3 firmware, having the 8.1 developer preview and running WP8.0 app packages. It would be nice, as I prefer it.
If you have any problem or confusion, then PM me. I'll be there.

GoodDayToDie (Inactive Recognized Developer, Seattle)
We need a Nokia library that uses RPC or IOCTL to make registry changes, the more arbitrary the better. Something like Samsung's RPCComponent DLL. Working on it...
 

ngame (Senior Member, Mashad)
We need a Nokia library that uses RPC or IOCTL to make registry changes, the more arbitrary the better. Something like Samsung's RPCComponent DLL. Working on it...

I can remember Extras + Info had an RPC.
I don't have the XAP file right now, but you can easily check it with your interop-unlocked L520 as well.
Hope that can help you.

ceesheim (Retired Forum Moderator)
No Android Fanboys Please !!!

GoodDayToDie (Inactive Recognized Developer, Seattle)
@starsoccer9: Please install some of your OEM apps to the SD card, extract their contents from the Install\ folder, and post the contents here as ZIPs? I'll see what I can do.

Top Liked Posts

SUCCESS !!!

Do not update anything until & unless I release my new hack.
I don't think you quite understand the problem. The libs work fine. They just aren't written for high-privilege access, so they don't do what it takes to get it. Here's how a normal native function call works in WP8:
1) Managed (.NET) code calls a function in a .WINMD file.
2) The .DLL corresponding to the .WINMD is loaded into the process address space, if not already present. The native function matching the one the program called is identified.
3) The function's parameters are "marshaled" into native code parameters, which (among other things) converts a .NET System.String object to a C++/CX Platform::String object.
4) The native function is called, and executes within the process that called it. It has no more or less privileges than its caller. During this process, the native code may call other native code.
5) The return value of the native function is marshaled back into managed types.
6) The managed code receives the returned value and proceeds to do whatever its next instruction is.

Note that every part of this happens inside the app's address space. Therefore, every part of it happens with the app's token (apps don't have enough privileges to impersonate, in case you were wondering). App tokens tend to have very little access. Some capabilities that are available to OEMs give extra access, but it's still basically just a whitelist of places you can reach. The ID_CAP_INTEROPSERVICES capability is a little different. It says that an app can make Remote Procedure Calls (RPC), which means the app can now tell other processes to do stuff, and that stuff gets done outside of the app and therefore with different privileges. Here's how that works:

1-3) Same as above.
4) The native function is called. Rather than executing the operation itself, it instead opens a connection to a particular RPC service, assuming such a connection isn't already open. The native code then marshals its parameters again, but instead of marshaling them for managed/native interop, it marshals them to be passed between processes.
5) The native function uses a native Windows mechanism for communicating between processes (inter-process communication or IPC) to tell that RPC service "hey, call function X with these parameters" and passes the parameters.
6) The native function - indeed, that whole thread of the app - stops executing for a while. On the RPC service, a thread that was waiting for an incoming call wakes up.
7) The RPC service receives the request to run the function, and the parameters to run it with. The function begins executing within the RPC service, using the RPC service's security ID (usually SYSTEM, the Windows equivalent of "root").
8) The RPC service completes execution and marshals the return value for passing back to our app, then passes it back over the channel that the request came from.
9) The native code in the app, having received the result of executing the function, wakes up and marshals the response from the RPC server from native types to managed types.
10) Same as #6 above.

Those extra steps - sending the function over to the RPC service to have it executed under different privileges, and then waiting until the RPC service does so and sends the result back - are why some function calls run with much higher privileges than others. You can't just make a high-privilege copy of a library; first you need to even *find* a high-privilege RPC service that will run that function, then you need to write the code to open a connection to the service, pass it the function call, and receive the response. Nokia might not even *have* an RPC service that allows writing to arbitrary memory locations. If it does, there's no RPC client - the native library we have our app use - which will do that, so we would first need to find the RPC service and figure out how to call it, then write the RPC client to make the call. This is not impossible (assuming such a service really does exist) but it's not a simple thing. If that service doesn't exist at all, we are in trouble.

There are still other cool things you can do with this kind of access. For example, some of the stuff that our registry tweaks do is in locations which an OEM app could write to, so we can hijack an OEM app's chamber to do that for us without worrying about RPC at all. This includes things like creating special accent colors, but not things like Full FS Access (that requires writing to places OEM apps can't even *read* unless they have an RPC service do it for them). It also expands the area we can search for other, better hacks. But it looks like HTC and Nokia may have been a step ahead of us even here.
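To make the difference between the two call paths above concrete, here is an added toy model in Python. It is not code from this thread, from Nokia, or from any Windows Phone library; the tokens, the registry paths and the RPC service's policy are all constructed placeholders. The model shows the point the post makes: an in-process call is checked against the app's own token no matter which DLL the code lives in, while an RPC call is executed under the service's token, so the only thing limiting the caller there is the service's own policy on which requests it will carry out.

```python
import fnmatch
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Token:
    """Security identity code runs under (constructed model, not the real WP8 token format)."""
    name: str
    writable: tuple  # glob patterns of registry paths this identity may write


@dataclass
class Registry:
    """Stand-in for the registry; every access check uses the token of whoever executes the write."""
    values: dict = field(default_factory=dict)

    def write(self, token: Token, path: str, value) -> None:
        if not any(fnmatch.fnmatchcase(path, pattern) for pattern in token.writable):
            raise PermissionError(f"{token.name} may not write {path}")
        self.values[path] = value


# Constructed identities: the app chamber reaches only its own keys; SYSTEM reaches anything.
APP_TOKEN = Token("app", ("HKLM\\Software\\OEM\\ExampleApp\\*",))
SYSTEM_TOKEN = Token("SYSTEM", ("*",))


def in_process_write(reg: Registry, path: str, value) -> None:
    """Steps 1-6 of the post: the native function runs inside the app's process,
    so the check is made against APP_TOKEN regardless of which library the code came from."""
    reg.write(APP_TOKEN, path, value)


class RpcService:
    """Steps 4-9 of the post: the request crosses a process boundary and is executed under
    SYSTEM_TOKEN. The service's allowlist of paths is therefore the real security boundary."""

    def __init__(self, reg: Registry, allowed_paths: tuple):
        self.reg = reg
        self.allowed_paths = allowed_paths  # constructed policy: what this service agrees to do

    def handle(self, request: tuple) -> tuple:
        op, path, value = request  # already marshalled across the process boundary
        if op != "write":
            return ("error", "unsupported operation")
        if not any(fnmatch.fnmatchcase(path, p) for p in self.allowed_paths):
            return ("error", f"service policy denies {path}")
        self.reg.write(SYSTEM_TOKEN, path, value)  # runs with the service's token, not the app's
        return ("ok", None)


def rpc_write(service: RpcService, path: str, value) -> None:
    """Client side: marshal the call, block until the service answers, unmarshal the reply."""
    status, detail = service.handle(("write", path, value))
    if status != "ok":
        raise PermissionError(detail)


def try_write(fn, *args) -> str:
    """Run one write attempt and report the outcome as a string."""
    try:
        fn(*args)
        return "ok"
    except PermissionError as exc:
        return f"denied: {exc}"


def demo() -> dict:
    reg = Registry()
    # Constructed: this service exists only to set theme keys, so that is all it will set.
    service = RpcService(reg, allowed_paths=("HKLM\\Software\\OEM\\Theme\\*",))
    return {
        "inproc_own_key": try_write(in_process_write, reg, "HKLM\\Software\\OEM\\ExampleApp\\Flag", 1),
        "inproc_system_key": try_write(in_process_write, reg, "HKLM\\System\\Example\\Setting", 1),
        "rpc_theme_key": try_write(rpc_write, service, "HKLM\\Software\\OEM\\Theme\\Accent", "FF00AA"),
        "rpc_system_key": try_write(rpc_write, service, "HKLM\\System\\Example\\Setting", 1),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The two "denied" outcomes come from different places: the in-process write is refused by the registry because the code carries the app's token, while the RPC write to the same key is refused by the service's policy before it ever touches the registry as SYSTEM. That is why, as the post says, finding a service that will run the operation matters more than finding a library that exposes it.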
@ngame: Capabilities are stored in the registry, but I'm not sure of *all* the ways and places they are stored. It's frustrating; trust me, I've been working on this for a while.