[XAP][GUIDE] Interop Unlock for WP8 + all Capabilities

Search This thread

GoodDayToDie

Inactive Recognized Developer
Jan 20, 2011
6,066
2,932
Seattle
... Huh. On the one hand, I kinda wanted to write that whitepaper myself (I'm working on another, utterly unrelated and much less interesting, one for work or I'd have done so already). On the other hand, the whole thing with launching telnetd is cool and useful, so I wrote an app to do it! It's nothing fancy right now; I'll start a thread to discuss it (and upload the source) when I'm not sleepy. Uses my NativeProcess library, includes the requisite programs, closes any launched processes on exit.

I'm working on a more powerful version, but this one doesn't need anything except dev-unlock.
 

Attachments

  • LaunchRemoteShell_Debug_ARM.xap
    328 KB · Views: 116

boki04

Member
Aug 16, 2009
9
0
Ive followed all the steps, but when I always get stuck on that blue samsung screen o

Ive followed all the steps, but when I always get stuck on that blue samsung screen on step two. Any tips?
 

Attachments

  • wp_ss_20140526_0001.png
    wp_ss_20140526_0001.png
    52.8 KB · Views: 431

tdecision10

Member
May 6, 2009
35
7
Greetings:

For some reason, I thought when I successfully interop unlocked and loaded your bootstrap and all capabilities XAPs on my Samsun Ativ S Neo (Sprint), I would be able to use internet sharing sans adding it through the carrier.

Was I mistaken? Or am I doing something wrong?

My device is interop unlocked. I can sideload multiple XAPs without an issue.

Thank you.

-Tdecision10
 

GoodDayToDie

Inactive Recognized Developer
Jan 20, 2011
6,066
2,932
Seattle
Really not sure why you got that idea, but we get people thinking it lets you SIM unlock as well (which is even more inaccurate) all the time too.

Interop- and capability-unlock let you
A) Sideload more apps.
B) Sideload apps with higher privileges.

That's it. That is the entirety of the change.

Now, with that said, some of the capabilities that are unlocked relate to device provisioning. Device provisioning can, supposedly, be used to modify the HotSpot (internal name for the Internet Sharing feature) behavior. It's not hard, in theory, to turn off the carrier check on HotSpot... if you can get the app to process the config file. That last step is the hard one. Another possibility is that the relevant setting is in the registry, and since interop-unlock makes editing the registry relatively easily, that's potentially a thing we could do. However, I haven't actually found the relevant location in the registry so far, so no dice on that one thus far.
 

tdecision10

Member
May 6, 2009
35
7
HotSpot

Really not sure why you got that idea, but we get people thinking it lets you SIM unlock as well (which is even more inaccurate) all the time too.

Interop- and capability-unlock let you
A) Sideload more apps.
B) Sideload apps with higher privileges.

That's it. That is the entirety of the change.

Now, with that said, some of the capabilities that are unlocked relate to device provisioning. Device provisioning can, supposedly, be used to modify the HotSpot (internal name for the Internet Sharing feature) behavior. It's not hard, in theory, to turn off the carrier check on HotSpot... if you can get the app to process the config file. That last step is the hard one. Another possibility is that the relevant setting is in the registry, and since interop-unlock makes editing the registry relatively easily, that's potentially a thing we could do. However, I haven't actually found the relevant location in the registry so far, so no dice on that one thus far.

Is this in the right direction?

-Tdecision10
 

Attachments

  • HotspotReg-Maybe.png
    HotspotReg-Maybe.png
    64.9 KB · Views: 158

GoodDayToDie

Inactive Recognized Developer
Jan 20, 2011
6,066
2,932
Seattle
That's the class entry for the HotSpot configuration interface. You could try something like seeing if that class GUID crops up anywhere else, but I don't actually know if that will help. Sorry. I've looked a bit myself, without luck so far. I'm working on better tools to let me search more effectively.
 

tdecision10

Member
May 6, 2009
35
7
That's the class entry for the HotSpot configuration interface. You could try something like seeing if that class GUID crops up anywhere else, but I don't actually know if that will help. Sorry. I've looked a bit myself, without luck so far. I'm working on better tools to let me search more effectively.

Okay so, I'll probably sound uneducated but the WAPNodeProcessor Data on these two (HotSpot & SprintCsp) are the same. See attached pictures.

Not sure if that means anything. But I'm hoping this is what you're referring to.

-tdecision10
 

Attachments

  • HotspotReg-Maybe.png
    HotspotReg-Maybe.png
    66.6 KB · Views: 281
  • ht.png
    ht.png
    57.9 KB · Views: 262
Last edited:

Paul_Hammons

Senior Member
Jun 10, 2005
61
22
Guys,
The Entitlement check registry setting is here....
HKLM\SYSTEM\CurrentControlSet\services\ICSSVC\Settings\EntitlementRequired set it to "0"

But I can't get the APN information correct to make it work on Sprint. It no longer does the entitlement check, though.
Maybe this just works on other carriers.

Good luck setting the correct APN, if you figure that out, let me know. I almost want to add ICS to my plan and see if Sprint sets the correct APN's automatically so I can see what they are. I am using the diagnostic and and APN apps to check/modify my APNs.

-Blue_Frog
 

Attachments

  • 2014-08-06_1-51-59.jpg
    2014-08-06_1-51-59.jpg
    122.1 KB · Views: 171
  • Like
Reactions: GoodDayToDie

tdecision10

Member
May 6, 2009
35
7
Guys,
The Entitlement check registry setting is here....
HKLM\SYSTEM\CurrentControlSet\services\ICSSVC\Settings\EntitlementRequired set it to "0"

But I can't get the APN information correct to make it work on Sprint. It no longer does the entitlement check, though.
Maybe this just works on other carriers.

Good luck setting the correct APN, if you figure that out, let me know. I almost want to add ICS to my plan and see if Sprint sets the correct APN's automatically so I can see what they are. I am using the diagnostic and and APN apps to check/modify my APNs.

-Blue_Frog

I thought about that too, add it for a month just to see what the new settings are.

I read that for CDMA that TetheringNAIConn is necessary for it to work. Read that here: https://dev.windowsphone.com/en-US/OEM/docs/Customization/Internet_sharing__hotspot_

But I'm not educated enough find the registry location to be able to change those so it shows up in the ##3282#-Edit LTE APN Setting (if that is even where it goes).

Also, there is some interesting stuff in the Sprin tEntitlement.dll (notepad info attached) that I thought may be useful. But again, I'm not educated enough to know what to do with it.

To be honest, I don't know if any of this is relevant but I'm sure someone will find out.

-Tdecision10
 

Attachments

  • Sprdll.png
    Sprdll.png
    254.8 KB · Views: 205

Paul_Hammons

Senior Member
Jun 10, 2005
61
22
I thought about that too, add it for a month just to see what the new settings are.

I read that for CDMA that TetheringNAIConn is necessary for it to work. Read that here: https://dev.windowsphone.com/en-US/OEM/docs/Customization/Internet_sharing__hotspot_

But I'm not educated enough find the registry location to be able to change those so it shows up in the ##3282#-Edit LTE APN Setting (if that is even where it goes).

Also, there is some interesting stuff in the Sprin tEntitlement.dll (notepad info attached) that I thought may be useful. But again, I'm not educated enough to know what to do with it.

To be honest, I don't know if any of this is relevant but I'm sure someone will find out.

-Tdecision10

Take a look at ##3282#-View (NOT EDIT) and select bot LTE APN = PAM must be enabled here. The APN name should be PAM. I know this is required.

Then look at MMS URL in VIEW mode and you can see the APNs that are on your phone. If you can screenshot those for me, that would be great, I have modified my so much. This is the part we have to get right. I can't find these in the registry, I don't think we have permission to the keys. They are in an xml in c:\data, which we don't have access to either..... I have an APN editor installed so I can add/edit some of the APN's.
-Blue_Frog
 

tdecision10

Member
May 6, 2009
35
7
Take a look at ##3282#-View (NOT EDIT) and select bot LTE APN = PAM must be enabled here. The APN name should be PAM. I know this is required.

Then look at MMS URL in VIEW mode and you can see the APNs that are on your phone. If you can screenshot those for me, that would be great, I have modified my so much. This is the part we have to get right. I can't find these in the registry, I don't think we have permission to the keys. They are in an xml in c:\data, which we don't have access to either..... I have an APN editor installed so I can add/edit some of the APN's.
-Blue_Frog

Attached.....

I noticed all those and changed the PAM to enable and put the internet n.ispsn in it but didn't know what to do next or even if it worked. (Obviously I'm willing to try anything). I changed it back before I took the screen shots.

Hopefully, these help...there are three MMS URL pictures so I could show the whole list.

APN editor sounds like something I was looking for.....hopefully it works.

-Tdecision10
 

Attachments

  • wp_ss_20140808_0001.jpg
    wp_ss_20140808_0001.jpg
    108.3 KB · Views: 230
  • wp_ss_20140808_0002.jpg
    wp_ss_20140808_0002.jpg
    106.1 KB · Views: 175
  • wp_ss_20140808_0003.jpg
    wp_ss_20140808_0003.jpg
    96.2 KB · Views: 170
  • wp_ss_20140808_0004.jpg
    wp_ss_20140808_0004.jpg
    83.6 KB · Views: 173

santacruzdz

Senior Member
Sep 19, 2008
424
218
I have a Lumia 620 with the latest wp 8.1 update, I'm new to wp hacking. All I want to know is if i can modify registry in the phone like inverted some colors of text and background field text?
 

DilanChd

Inactive Recognized Contributor
Jun 12, 2012
2,373
1,638
Paris
I have a Lumia 620 with the latest wp 8.1 update, I'm new to wp hacking. All I want to know is if i can modify registry in the phone like inverted some colors of text and background field text?
No and it was already said. Lumia is really secure vs the Samsung, HTC, etc.
But ATF Box Rif can help you maybe, but this is not for a beginner.
 
  • Like
Reactions: santacruzdz

Top Liked Posts

  • There are no posts matching your filters.
  • 71
    It took us much longer than WP7 did, but the first Interop Unlock hack for WP8 is now available. It's currently limited to SAMSUNG phones, although we're trying to extend it to other phones, of course.
    WARNING: Samsung is trying to break this hack! If you take the retail upgrade to GDR3 including the Samsung firmware update, it will not work!

    A brief summary, for those unfamiliar with interop-lock: Windows Phone allows a number of high-privilege app capabilities, which can be used to make changes to the OS which are normally not possible for a third-party app. The limitation on whether we can use these capabilities or not is based on what "level" of developer unlock the phone has; standard "ISV" (Independent Software Vendor) dev unlock (max 10 apps or less) is what pretty much everybody gets; OEMs, however, get a special OEM Developer Unlock (300 apps or more) which gives them the ability to use much higher-privilege app capabilities than the standard ISV unlock permits. The name comes from ID_CAP_INTEROPSERVICES, the capability which was most important in WP7. In WP8, however, there are a great many interesting capabilities. Note that Interop-unlock by itself does not enable all of these. However, at least on Samsung phones, it is now possible to enable *all* the capabilities.

    Guide for Samsung's ATIV phones:

    The instructions are generally well-provided in @-W_O_L_F- 's app (direct link for updated XAP). You will also need the Diagnosis app, which is included (though hidden) on every Samsung WIndows phone.
    The instructions are as follows:
    • Developer-unlock your phone. You will need the Windows Phone Developer Registration tool for this; it comes with the SDK.
    • Sideload the helper app using Application Deployment (included with SDK) or WPPT. It does not work to just copy the file to your phone, or similar.
    • Open the Phone dialer (the built-in one) and dial ##634# to install the Diagnosis app (if you hadn't already). You can exit it afterward.
    • Run the Interop Unlock Helper app and read the instructions, clicking Next until you get to Step 2.
    • Click the button to generate the toast notification for your phone's Diagnosis app, then tap on the toast to open the hidden registry editor.
    • Press-and-hold the Back button, and switch back to the helper app without closing the registry editor. Click Next to go to Step 3 in the helper app.
    • Copy the provided registry paths and values out of the helper app, use the Back-and-hold switcher to return to Diagnosis, paste the values into the registry editor, and write them.
      Don't worry if the app says a write failed! Just hit Read afterward to verify the change.
    • Repeat the previous steps a few times, hitting Next after each set of instructions, until the Helper app says "Finish".
    Once all the registry values are written, congratulations; you are interop-unlocked!
    At this point, you probably want to run the EnableAllSideloading hack below.

    If you want to enable sideloading even more high-privileged apps, you'll want the following:
    1. Install the BootstrapSamsung app attached to this post. This requires having interop-unlock already, and will not work if you have Samsung's ships-with-GDR3 firmware update unless you unblock RPC.
    2. Run the app once, and ensure it displays a success message. You may then exit and (optionally) remove the app.
    3. Install the EnableAllSideloading app attached to this post. This requires the bootstrap step. However, it is not specific to Samsung (we just can't bootstrap anything else yet).
    4. Run EnableAllSideloading once, and ensure it displays a success message. You may then exit and (optionally) remove the app.

    At this point, you will be able to sideload any capability, even the ones used for built-in apps and services. However, there appear to still be restrictions, even with a capability such as ID_CAP_BUILTIN_TCB. Multiple XDA members, including @Heathcliff74 and myself, are working to overcome these restrictions.

    It may be necessary to repeat these steps after a phone update.


    Capabilities which will be enabled, without further modification, by using interop-unlock:

    Note: This list is *just* the ones from Interop-unlock; it does not unclude the ones from EnableAllSideloading.
    • ID_CAP_CALLMESSAGING_FILTER
    • ID_CAP_CAMERA
    • ID_CAP_CELL_API_COMMON
    • ID_CAP_CELL_API_LOCATION
    • ID_CAP_CELL_API_OEM_PASSTHROUGH
    • ID_CAP_CELL_API_UICC
    • ID_CAP_CELL_API_UICC_LOWLEVEL
    • ID_CAP_CELL_WNF
    • ID_CAP_CSP_FOUNDATION
    • ID_CAP_CSP_MAIL
    • ID_CAP_CSP_OEM
    • ID_CAP_CSP_W4_APPLICATION
    • ID_CAP_CSP_WIFI_HOTSPOT
    • ID_CAP_DEVICE_MANAGEMENT
    • ID_CAP_DEVICE_MANAGEMENT_ADMIN
    • ID_CAP_DEVICE_MANAGEMENT_BOOTSTRAP
    • ID_CAP_DEVICE_MANAGEMENT_SECURITY_POLICIES
    • ID_CAP_DU_MIGRATOR_STATUS_OEM
    • ID_CAP_OEM_DEPLOYMENT
    • ID_CAP_INTERNET_EXPLORER_FAVORITES
    • ID_CAP_INTERNET_EXPLORER_SEARCH_PROVIDER_KEYS_HKCU
    • ID_CAP_INTEROPSERVICES
    • ID_CAP_KIDZONE_CUSTOMIZATION
    • ID_CAP_MAP_WRITE
    • ID_CAP_MEDIALIB_PHOTO_FULL
    • ID_CAP_NETWORKING_ADMIN
    • ID_CAP_OEM_ADC
    • ID_CAP_OEMPUBLICDIRECTORY
    • ID_CAP_PEOPLE_EXTENSION
    • ID_CAP_PEOPLE_EXTENSION_IM
    • ID_CAP_PEOPLE_EXTENSION_MOBILE
    • ID_CAP_PERSONAL_INFORMATION_IMPORT
    • ID_CAP_RUNTIME_CONFIG
    • ID_CAP_SMS_INTERCEPT_AGENT
    • ID_CAP_SMS_INTERCEPT_RECIPIENT
    • ID_CAP_SYNC_EXTENSION
    • ID_CAP_VOICEMAIL
    • ID_CAP_WALLET_SECUREELEMENT
    • ID_CAP_WIFI_BASIC


    One of the goals of this thread will be to explore what we can do with interop-unlock, and look for ways to achieve full permissions. I think I've found one, but it requires the ability to write registry multi-string values. Basically, if we could add a "superuser" privilege, or enable the use of ID_CAP_BUILTIN_TCB, which already has it, this would allow the creation of "root" apps.

    Aside from myself, credit for this hack goes to @cpuguy for the Native Toast Launcher tool which permits accessing otherwise-unreachable code, and @-W_O_L_F- for helping put the pieces together. I'm not actually certain which one of us achieved the interop-unlock first; we were both working on it. @Heathcliff74 continues to be a help on the quest for full-unlock.

    The source code for the apps below is posted at http://forum.xda-developers.com/showpost.php?p=45606584&postcount=88
    22
    Root unlock achieved (EDIT: Sigh, not quite) on my ATIV S. Details forthcoming. In the meantime, rest assured: it is possible. This still won't let old apps be used, but it will let new "root" apps be written. Basically, an all-new WP8 Root Tools.

    EDIT: Agh. Still not working. I'm trying, though!
    19
    WP8 Root Tools progress report

    WP8 Root Tools progress report

    My two cents...
    17
    Hi all,

    Sorry for this off-topic message. But everybody who concerns this, follows this thread. So I'll drop it here.

    Today something amazing happened. I received a package from Italy. It was the long-awaited Samsung Ativ-S developer device. Many people donated money so we could buy a new phone for @sireangelus and he could send his phone to me. Within a few days money was collected, new device bought and sent to @sireangelus. After that, silence... I sent several PM's to him often no response. Or messages of him trying to be funny or whatever. But nothing was sent. I'm not easily pissed off, but last week, almost 2 months after he promised to send the phone, I got really angry and I sent him a couple of whatsapp messages to convince him he should keep his promise and don't be an @$$. Today I received the package. :)

    This night I had some time to check it out. Conclusion: it is really a developer device and very valuable for research! Yay!

    I already had an incident with it. I connected the device in mass-storage mode to my laptop, while I already had a WP8 virtual disk mounted. Windows 8 decided that all partitions needed to be unique and it actually changed the entries in the partition table of the Samsung (!!!) It couldn't boot any more. Luckily, I could still use mass-storage, so I could still inspect the device. I found that the partition table was corrupted and I could manually fix it. Pfew! All is working well again and I can further dissect it.

    Thanks to @sireangelus for finally sending the phone. I advise you to act more pertinent the next time you sell something, in order to avoid that people are getting really pissed off at you.
    Thanks to all guys who donated to make this possible. I hope to bring you new hacks soon!!

    Ciao,
    Heathcliff74
    16
    Questions and Answers

    Can I install WP7 interop apps using this?
    They will install, but there's no point. They almost certainly won't actually work. Interop-unlock enables access to parts of the OS which third-party developers were not intended to touch; consequently, there's no backward compatibility. Even the methods used for native code on WP7 (which is different from, but nearly essential to make use of, interop-unlock) won't work on WP8. However, it should be possible to port many of those applications to WP8.

    Will this work on Lumia phones / How can I get this on my Lumia / Are you working on this for Lumia phones / What about HTC, or some other OEM?
    The current hack relies on a Samsung-specific component. Adding support for other phones will require new hacks. We are looking into it, rest assured; at this time, however, there is no way to gain interop-unlock on any WP8 device other than a Samsung one.
    EDIT: It looks like there should soon be a Huawei W1 custom ROM with interop-unlock included. I don't deal with custom ROMs, but you may be able to use homebrew apps on that phone too.
    EDIT: Lumia phones *can* be interop-unlocked via JTAG. However, this requires some extra hardware and some phone disassembly. Not an online hack, and not for the faint of heart.

    But what if we installed the Diagnosis app on a Lumia phone (using Fiddler proxy or similar) and then followed this guide?
    I repeat, Samsung-specific component. Nokia doesn't put the required services/drivers for Samsung's Diagnosis app into their Lumia firmware, so the app would not work!

    Can I upgrade my phone to GDR3 if I have this?
    Yes. However, be aware: if you install Samsung's updates that come with the retail GDR3 update, it will break your ability to re-unlock, or to use some homebrew apps! (Developer preview updates are fine, as those are purely Microsoft code and don't mess with the Samsung components.)
    EDIT: There's a way to unlock the Samsung services for full access again on GDR3. You still need to interop-unlock beforehand, though.

    Can I re-lock my phone if I want to?
    Yes, easily. The simplest method is to use the Windows Phone Developer Registration tool (the one that comes with the SDK) to de-register the phone (you can then re-register it if you want to get your normal dev-unlock back). This doesn't remove any changes that were made using the interop-unlock, though (for example, it won't undo the EnableAllSideloading hack, not will it set back the Full FS Access hack). Apps that require interop-unlock will still be installed, but may no longer run. To manually remove interop-unlock, you can reset all the registry values that were changed by the interop-unlock hack to their original values, and remove all the apps. There still may be a great many other changes that also need reverting, though, if you want to get back to stock settings. See next question.

    Can I get my phone completely back to stock settings without knowing every little thing I changed?
    Yes, a hard (factory) reset will undo all changes made by interop-unlock, or any apps (including ones that require interop-unlock), and will remove all apps. If you need to send your phone in for warranty servicing and are worried that they won't take it because you interop-unlocked it, this approach will fix that (they would probably tell you to hard-reset anyhow, if it's conceivably a software problem).

    Will the interop-unlock survive a hard reset?
    Not using this method! Read the question above. This unlock is purely in software, not firmware; it is reset along with everything else.

    Can I upgrade my phone to WP8.1 if I have this?
    Tentatively, yes! We're still working on figuring out exactly what WP8.1 means for the homebrew scene. The short version is that most apps and some (but not all) of the hacks they contain seem to still work, though. However, see next question...

    Can I interop-unlock my phone on WP8.1?
    At this time, I don't believe this is possible (unless you can use a custom ROM). One step of the process appears to have been "fixed" and we will need to find a different way. -W_O_L_F- has indicated that he has one, possibly coming soon...