write to the WMAppManifest.xml file within the app?

[gipfelgoas]

Hey guys,

I am wondering, if it is possible to write to the wmappmanifest.xml file within the app.. I searched on the net,but i didnt find some anwer. The only thing i found was how to read this file: http://www.developer.nokia.com/Comm..._Manifest_(WMAppManifest.xml)_file_at_runtime

If it would be possible we could,try to implement the capability INTEROPSERVICES programmatically..

 

[GoodDayToDie]

Two problems with that.
First of all, the app's install directory is read-only to the app permissions. You can't create, delete, or modify any file there from within the app (without some sort of "jailbreak" at least).
Second, and possibly more importantly, the permissions sandbox (or "appcontainer") that the phone uses to restrict an app is created at app install. Modifying the manifest is unlikely to have any benefit whatsoever (it certainly didn't help on WP7).

A good idea, though. Always glad to see people checking for such things.

 

[gipfelgoas]

Two problems with that.
First of all, the app's install directory is read-only to the app permissions. You can't create, delete, or modify any file there from within the app (without some sort of "jailbreak" at least).
Second, and possibly more importantly, the permissions sandbox (or "appcontainer") that the phone uses to restrict an app is created at app install. Modifying the manifest is unlikely to have any benefit whatsoever (it certainly didn't help on WP7).

A good idea, though. Always glad to see people checking for such things.

I searched on the msdn network and saw that artikle:http://msdn.microsoft.com/en-us/lib...?cs-save-lang=1&cs-lang=csharp#code-snippet-2

Examples

Use the file APIs, such as Windows.Storage.StorageFolder.CreateFileAsync | createFileAsync and Windows.Storage.FileIO.WriteTextAsync | writeTextAsync, to create and update a file in the local app data store

Requirements

Minimum supported client
Windows 8

Minimum supported server
Windows Server 2012

Minimum supported phone
Windows Phone 8

DLL
Windows.Storage.ApplicationData.dll

maybe it would be possible... I tried to implement it to a sample app, but i failed at the system.io stream...

 

[GoodDayToDie]

The app data store and the app install location are completely different things. The data store is a per-app read/write location that is initially empty. The install location is a read-only location that contains the contents of the XAP file (including the manifest and executable code). They are located in different parts of the file system (I could tell you the paths if you want), they have different permissions, they are accessed using different APIs, and they are not interchangable.

 

[ultrashot]

even in case of root access, I highly doubt WMAppManifest is ever used after app is installed.

 

[sensboston]

even in case of root access, I highly doubt WMAppManifest is ever used after app is installed.

Yep, I did some experiments a long time ago: WMAppManifest and/or WPInteropManifest are used on deployment only.

 

[smx06]

Hey guys,

If it would be possible we could,try to implement the capability INTEROPSERVICES programmatically..

And what does this capability give? (useful for)
I did run native api calls from w8 app, but the file system and process restrictions don't allow anything useful to do (like other than own or system32/ files browsing; registry is readable only; also no useful privileges present)

p.s. 2all: is it possible somehow to install original .xap files (taken from Market) via
\Microsoft SDKs\Windows Phone\v8.0\Tools\XAP Deployment\XapDeploy.exe"
or VS (on dev unlocked device)?

 

[GoodDayToDie]

ID_CAP_INTEROPSERVICES is a Windows Phone app "capability" flag that tells the OS to allow the app to access (specifically, create handles to) drivers by device name. This is useful because drivers run outside the security context of the OS, so they are not sandboxed, and thus if they offer IOCTLs (on Windows, DeviceIoControl codes) that can do useful things for us, we can use those IOCTLs to our own benefit.

This is the standard way that OEM apps do stuff which would normally not be possible, like controlling the cellular radios or accessing parts of the filesystem that are outside the app sandbox. Each OEM includes one or more drivers in their ROMs which support these operations.

On WP7, this was the way that early homebrew worked. Access to the filesystem (TouchXplorer, Advanced Explorer) and write access to the registry (Advanced Explorer, Registry Editor, Advanced Config, and others) were made possible by OEM-provided COM DLLs which in turn opened device handles and invoked IOCTLs to obtain the required access. Later, WP7 Root Tools worked by directly accessing the drivers and exploiting security vulnerabilities within them that Heathcliff74 had discovered to gain arbitrary code execution in the kernel. That will be harder on WP8 (assuming we even get that far) because of the many exploit mitigations in the NT6.2 kernel, but it's worth a shot. Even if we can't pull that off, though, there's a decent chance we could get something like the Windows RT "jailbreak" to work, and a good chance that we could get something like the old Advanced Explorer to work.

 

[smx06]

ID_CAP_INTEROPSERVICES is a Windows Phone app "capability" flag that tells the OS to allow the app to access (specifically, create handles to) drivers by device name. Each OEM includes one or more drivers in their ROMs which support these operations...
were made possible by OEM-provided COM DLLs .

Thanks for explanations!

Basically i don't see any app using ID_CAP_INTEROPSERVICES in 820.ffu/nokia820 image(having in manifest) . Am i missing something?

As far as i understand If we don't have ID_CAP_INTEROPSERVICES we can't load or properly use OEM-provided COM DLLs? (not enough rights) Am i right?
NB: can anybody suggest such COM-DLL (name) to explore? (as example) from wp8? (as i understand there are no such dlls in WP8 x86 emulator from SDK?)

Thanks again!

 

[gipfelgoas]

Thanks for explanations!

Basically i don't see any app using ID_CAP_INTEROPSERVICES in 820.ffu/nokia820 image(having in manifest) . Am i missing something?

As far as i understand If we don't have ID_CAP_INTEROPSERVICES we can't load or properly use OEM-provided COM DLLs? (not enough rights) Am i right?
NB: can anybody suggest such COM-DLL (name) to explore? (as example) from wp8? (as i understand there are no such dlls in WP8 x86 emulator from SDK?)

Thanks again!

If you want to see a OEM app which uses ID_CAP_INTEROPSERVICES look at this: https://rapidshare.com/files/4165178711/825962362f3144b7a1115d0bb6a3935b.xap Its a app from the Nokia RM860 with product code 059r225 in ncs. In this xap file are also used some other caps, with a "normal" developer cant access.

If we don't have this (or other) capabilities, our app runs in a sandbox and cant access to system features, such as file system ...
If you want to see a COM-DLL, download a ffu file, mount it with this and go then in the windows/system32 directory..

 

[smx06]

If you want to see a OEM app which uses ID_CAP_INTEROPSERVICES look at this: https://rapidshare.com/files/4165178711/825962362f3144b7a1115d0bb6a3935b.xap
If you want to see a COM-DLL, download a ffu file, mount it with this and go then in the windows/system32 directory..

Thanks for the xap! (if You have some researches on it, it could be also great; to start from already explored stuff)

About COM-DLL i mean not ordinary ones (which i can see in /system32/ of wp8 SDK emulator or /system32/ on my phone), but those DLLs (or +drivers?) which are used by ID_CAP_INTEROPSERVICES apps (to do somthing like reg writing; FS access, etc.)

Thanks!

 

[GoodDayToDie]

On WP7, COM DLLs were needed to access the drivers (because WP7 apps couldn't use C++ directly and don't have APIs to wrap CreateFile (for getting the driver handle) or DeviceIoControl (to call IOCTLs). On WP8, COM DLLs (or something like them) may or may not be used; I think it's possible to do what needs to be done using the official C++ SDK but I haven't checked.

In any case, the COM DLLs were just wrappers around the driver IOCTLs. The drivers are the ones that do all the heavy lifting, because they're the things that have the required permissions. Also, I guarantee you that there are some high-permission drivers on the Lumias; you can't do an app like the storage checker/cleanup or whatever it is without them. That requires filesystem access well in excess of what an app is normally allowed to have.

 

[smx06]

Also, I guarantee you that there are some high-permission drivers on the Lumias; you can't do an app like the storage checker/cleanup or whatever it is without them. That requires filesystem access well in excess of what an app is normally allowed to have.

Ok. The simplest way to check is to search such apps (with interop cap) in the registry (afair all apps are registered there with listed caps)
shall try on my 820. also the registry viewer could be useful to search somth else..

But i doubt they really are (as there were nothing similar inside the image).

p.s. and as i understand there are no chances of finding somth like this (DLL or sys) in wp8 x86 emulator (that could be much easier to review in IDA)
p.p.s. i think all people know that is possible to mount vmdk disk of wp emulator and reverse all system modules (x86).