[TEST MODE] Windows Phone 8/8.1 for Retail Device

djamol

Senior Member
Jun 3, 2014
Hello Folks,
We are introducing a way to apply @Myriachan's WindowsRT "Test Mode" hack to Windows Phone 8/8.1 and Windows 10 Mobile Preview builds before 10572.
Yeah, actually this is not entirely my hack; @Myriachan discovered the most wonderful hack I've ever seen. So the FULL credit goes to her, of course.
To enable Test Mode on a phone you probably need full registry access to configure the BCD ("Boot Configuration Data") objects.
Yeah, we have the vcReg editor, based upon this, for Lumia devices.
This is NOT specific to Lumia devices, but for now the only devices we have with FULL registry access are Lumia devices.

**********
CAUTIONS.
Please, DON'T BE STUPID. IT'S UEFI hacking. The chances of bricking are maximum and it is potentially too dangerous.
It can cause permanent damage to the device, and no one will recover your device (like Nokia/Microsoft Care, ATF Box).
So neither I nor any other XDA member is responsible for any damage to your device. Use it at your own risk.

**********

Introduction to Test-Signing.
Test-signing refers to using a test certificate to sign a pre-release version of a driver package for use on test computers. In particular, this allows developers to sign kernel-mode binaries by using self-signed certificates, such as those the MakeCert tool generates. Starting with Windows Vista, this capability allows developers to test kernel-mode binaries on Windows with driver signature verification enabled.
More details are here.

Introduction to Test-Signing Hack for Windows Phone.
Specifically, the "Trusted Boot Security Feature Bypass Vulnerability – CVE-2015-2552" is Myriachan's jailbreak exploit.

The exploit itself is simple. Run an administrator PowerShell (can't be cmd), and execute the following command, then reboot:

bcdedit /set '{current}' loadoptions '/TŅSTSIGNING'

(The Ņ character is Unicode character U+0145, which you can find in Character Map if you need it.)
Your system will come up in "test signing" mode, along with a watermark on the desktop indicating this. While in test-signing mode, applications still have to be signed, but they can be signed by anyone, including your own self-signed certificates.

How to sign executables for this is mostly beyond the scope of what I'm posting. Use makecert and signtool. Your certificate must be at least 2048-bit RSA. When using signtool, be sure to timestamp your executable (/t option), use page hashing mode (/ph) and SHA-256 (/fd SHA256).

More Details of why this works:
http://pastebin.com/w5U2qTR0
Source

How to Enable Test-Sign on Windows Phone.
Yeah, it is also simple.
I haven't got much time to write a simple tool for it. (I'll attach a xap here later.)

You have to write this Registry Key and Value.

1. Deploy and RUN VcReg Editor.
2. Select "HKEY_LOCAL_MACHINE"
3. Select "String"

Enter without quotes.
Path:
Code:
"BCD00000001\objects\{7619dcc9-fafe-11d9-b411-000476eba25f}\Elements\12000030"
(your guid may vary)

Key:
Code:
"Element"
Value:
Code:
"/TŅSTSIGNING"
*** NOTE THAT the "Ņ" character is Unicode character U+0145, so don't mess with it. Probably copy and paste it. ***

4. HIT WRITE BUTTON !!!
5. REBOOT DEVICE.
That's It.

To verify whether Test Mode is actually enabled or not,
read the registry key and value below.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control]
"SystemStartOptions"
It should include a value of "TESTSIGNING" (there are other strings too, forget them). If not, that means it didn't work.

*** This is a permanent TEST-SIGN mode. After a hard reset it will stay "ENABLED". If you want to disable it, simply flash the stock ROM. ***

Thanks,
Credits.
Special thanks to @vcfan; without his RPC code, registry access would really be unreachable.
@Myriachan For this wonderful discovery.
 

Wack0Distractor

Senior Member
Jan 10, 2013
Does not work on my Lumia 1020 with this GUID. How can I find the GUID?
I think the easiest way would be to grab the BCD from one of your phone's FFUs (convert it to VHD, open it with winimage, go to the first partition (FAT32), it'll be in \efi\microsoft\boot), then run the exploit in PowerShell in the directory you extracted the BCD to like:

bcdedit /store BCD /set '{default}' loadoptions '/TŅSTSIGNING'

then load the BCD as a registry hive in regedit and search it for "STSIGNING", find the GUID as the result.
 

ngame

Senior Member
Mar 13, 2012
Works on Lumia 830 Windows Phone 8.1 Version 8.10.15148.160 but not on Lumia 1020 Windows Mobile 10 Version 10.0.10581.0.
This is patched on 10581. Do the thing I did:
flash your 1020 back to 8.1 and get the Insider Slow ring update (it's build 10166),
then do Interop Unlock using VCReg v2.2. In build 10166 this bug is still present.
 

madycoot

Member
Feb 2, 2012
need help on iball I701

Reserved Post for Official Test packages.

Microsoft.MS_TSHELL.MSN.MainOS.spkg
(Remove ".zip" extension)
Hello sir, I have an Iball I701 Windows * tablet and I want to make it Android. Can it be possible, and can you please guide me how I can make this possible? Thank you.
 

titi66200

Senior Member
Jun 2, 2009
bcdedit /store H:\EFIESP\efi\Microsoft\Boot\BCD -set TESTSIGNING ON
But error
An error occurred while trying referencing the specified entry.
The specified file can not be found.
 

djamol

Senior Member
Jun 3, 2014
bcdedit /store H:\EFIESP\efi\Microsoft\Boot\BCD -set TESTSIGNING ON
But error
An error occurred while trying referencing the specified entry.
The specified file can not be found.
Hmm, then edit the BCD entries through vcRegEditor.
Grab the BCD (it's a hive file) from the FFU or your device.
"C:\EFIESP\efi\Microsoft\Boot\BCD"
Run whatever commands (like dual boot).
Observe the objects and elements.
Write the same object elements using the vcReg editor.
While writing to the BCD, use "BCD00000001" instead of "BCD".
Cheers...

Here are some test entries from an engineering device.
GlobalSettings
Code:
[HKEY_LOCAL_MACHINE\BCD\Objects\{7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}\Elements\16000049]
"Element"=hex:01
Boot Manager.
Code:
[HKEY_LOCAL_MACHINE\BCD\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\16000049]
"Element"=hex:01
 

titi66200

Senior Member
Jun 2, 2009
Found "Microsoft.BaseOS.EnableTestSigning_BCDStore_0.reg" in EFIESP.bin from RM825_1232.2101.1239.3001_PROD_developer_265_01_86530.ffu

Code:
[HKEY_LOCAL_MACHINE\BCD]

[HKEY_LOCAL_MACHINE\BCD\Objects]

[HKEY_LOCAL_MACHINE\BCD\Objects\{7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}\Elements]

[HKEY_LOCAL_MACHINE\BCD\Objects\{7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}\Elements\16000049]
"Element"=hex:01

[HKEY_LOCAL_MACHINE\BCD\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements]

[HKEY_LOCAL_MACHINE\BCD\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\16000049]
"Element"=hex:00
 

djamol

Senior Member
Jun 3, 2014
Found "Microsoft.BaseOS.EnableTestSigning_BCDStore_0.reg" in EFIESP.bin from RM825_1232.2101.1239.3001_PROD_developer_265_01_86530.ffu

Code:
[HKEY_LOCAL_MACHINE\BCD]

[HKEY_LOCAL_MACHINE\BCD\Objects]

[HKEY_LOCAL_MACHINE\BCD\Objects\{7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}\Elements]

[HKEY_LOCAL_MACHINE\BCD\Objects\{7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}\Elements\16000049]
"Element"=hex:01

[HKEY_LOCAL_MACHINE\BCD\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements]

[HKEY_LOCAL_MACHINE\BCD\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\16000049]
"Element"=hex:00
Yes. Exactly.
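
For anyone auditing a device or image for this change, an added example follows (it is not part of any post in this thread and is not code from vcReg or its authors). It is a Python check over a regedit-style text export that flags the three indicators the posts mention: a non-ASCII character in the 12000030 load-options element, a non-zero 16000049 element, and TESTSIGNING in SystemStartOptions. The export layout of the string values, the function name and the sample SystemStartOptions string are assumptions.

```python
import re

LOAD_OPTIONS = "12000030"  # element the first post writes "/TŅSTSIGNING" to
TEST_SIGNING = "16000049"  # element set in the EnableTestSigning .reg quoted in the thread
ELEM_RE = re.compile(r"\\Objects\\(\{[0-9a-f-]+\})\\Elements\\([0-9a-f]{8})$", re.I)

def audit_reg_export(text):
    """Return (finding, location, detail) tuples for a .reg-style export."""
    findings, key = [], ""
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if not m:
            continue
        name, data = m.group(1), m.group(2)
        elem = ELEM_RE.search(key)
        if elem and name.lower() == "element":
            guid, etype = elem.group(1), elem.group(2)
            if etype == LOAD_OPTIONS and data.startswith('"'):
                # Assumption: legitimate load options are plain ASCII.
                odd = sorted({f"U+{ord(c):04X}" for c in data if ord(c) > 0x7F})
                if odd:
                    findings.append(("non-ascii-loadoptions", guid, ",".join(odd)))
            elif etype == TEST_SIGNING and data.lower().startswith("hex:"):
                if any(int(b, 16) for b in data[4:].split(",") if b.strip()):
                    findings.append(("testsigning-element-set", guid, data))
        elif key.lower().endswith("\\control") and name.lower() == "systemstartoptions":
            if "TESTSIGNING" in data.upper():
                findings.append(("testsigning-active", key, data.strip('"')))
    return findings

# Constructed sample: keys and values are the ones posted in this thread, laid
# out as a regedit-style export; the SystemStartOptions string is made up.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\BCD00000001\Objects\{7619dcc9-fafe-11d9-b411-000476eba25f}\Elements\12000030]
"Element"="/TŅSTSIGNING"

[HKEY_LOCAL_MACHINE\BCD\Objects\{7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}\Elements\16000049]
"Element"=hex:01

[HKEY_LOCAL_MACHINE\BCD\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\16000049]
"Element"=hex:00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control]
"SystemStartOptions"=" TESTSIGNING  NOEXECUTE=OPTIN"
"""

if __name__ == "__main__":
    for finding in audit_reg_export(SAMPLE):
        print(*finding, sep=" | ")
```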
 