Remove certification requirement from the SPV


Guest Third_of_Five


I'm running XP Pro.

Basically, I did the Hard Reset and put it back in the cradle as soon as it went from the Orange splashscreen to the blue Microsoft Smartphone screen and then dragged the two files back to the windows directory and just waited for the "Replace File" box.


Yep, good job Spacemonkey. And Taff too.

Pibrahim, I downloaded the Turijah demo from Handango, and it runs fine. And it still runs after a power on/off cycle. (Runs better, in fact).

Now, should we take bets on how many postings this topic will have by midnight tonight?

Sounds like this should be the sticky thread of all sticky threads!


Guest spacemonkey

Hey, thank the French and the not French guy who figured most of it out... I just read a forum translated through www.google.com into English and put the pieces together. Nothing is more fun than an evening reading automatically translated forums....


Guest Monolithix [MVP]

Placing your own files into Windows results in them being deleted after a power cycle. From what Thruk has said I assume it doesn't reset the files to their original state as well?


They will go back to their original form (You're just overwriting a copy that is running in RAM).

Every time you power up the SPV it has to copy the original files back out of Flash into RAM again.

I've just been looking through the registry and there are a couple of keys in there that tell it it's done a cold boot, so it knows not to read the files again.


Guest psneddon

Removing the <4119> Item is the incorrect way to do it.

You want to replace the following lines

with the values as stated above.

4101 - What security role to run .Cab files under, this seems to have to be Manager as some installation files need to access the registry.

4101 - This is what tells the phone if you can run unsigned apps.

Have been up all night getting this to work properly.

Ta,

Paul


Guest spacemonkey

Yeah, where did you find info on those, psneddon? The SDK was giving me lots of useful stuff like 4101 make it USER_AUTH or whatever but I couldn't find anywhere that told me which bit USER_AUTH matched to, same for MANAGER PP_AUTH etc, is there a table of these somewhere?

That's why in the end I got frustrated and just went for the brute force approach.

The other thing is I tried putting these at various values, but as well as just running unsigned code I need the phone to hook up to the dev environment properly, do the 8,1 options give you that?


When this post has concluded the best way to unlock the phone for unsigned apps, could someone post some simple to follow instructions for the newbies out here? Thanks.


Guest Monolithix [MVP]

I doubt that is possible, as the files are only read at hard reset.

Maybe a register edit could do it, but that would require the app to be certified... :D


Guest spacemonkey

Not only the app needing to be certified... it's gotta have a privileged certificate as Orange not just Baltimore to be allowed to modify HKey Local Machine (where these tags exist) and there's no way Orange would let you do this.

Of course, when Orange update the phone to close this current method then someone may grant DJHope's wish.


Guest Monolithix [MVP]

I doubt that is possible, as the files are only read at hard reset.

Maybe a register edit could do it, but that would require the app to be certified... :D


Guest psneddon

There are a few more settings that relate to security. There is one to do with RAPI and another that lets you assign another user type 'Manager' Status.

Here are all the useful bits

SECROLE_MANAGER = 8
SECROLE_OEM = 2
SECROLE_OPERATOR = 4
SECROLE_OPERATOR_TPS = 128
SECROLE_USER_AUTH = 16
SECROLE_USER_UNAUTH = 64

Unsigned .cabs Policy

This policy determines whether Unsigned .cab files can be installed on the device, and if so, what role mask should be assigned to the .cab file.

A value of 0 (equivalent to having none of the role mask bits set) means that no unsigned .cab files can be installed.

Policy ID: 4101
Possible values: Specified as a role mask
Default value: USER_UNAUTH
Required role(s) to modify policy: SECROLE_MANAGER

Unsigned Applications Policy

This policy enforces whether unsigned applications are allowed to run on Smartphone 2002.

Policy ID: 4102
Possible values:
0 – Unsigned applications are not allowed to run on the device.
1 – Unsigned applications are allowed to run on the device.
Default value: 0
Required role(s) to modify policy: SECROLE_MANAGER

Grant Manager Policy

This security policy setting is enforced by the Configuration Manager and allows other roles to be granted administrative privileges to the system without having to explicitly acquire the manager role. In particular, this security policy permits a particular role mask to be mapped to the manager role without modifying the security role assigned to every metabase setting that is only accessible to the manager role. This policy functions similarly to the Microsoft Windows® NT® runas utility that allows the use of administrative privilege for certain activities.

When this policy is set to ‘0’ (equivalent to having none of the role mask bits set) the manager is granted the Manager role.

Policy ID: 4119
Possible values: Specified as a role mask.
Default value: SECROLE_USER_AUTH
Required role to modify policy: SECROLE_MANAGER

RAPI Policy

This policy restricts access to Smartphone 2002 with RAPI using ActiveSync. The following are the three security modes available to ActiveSync.

Open mode: Full access to ActiveSync. RAPI calls are allowed to process without restrictions.

Protected mode: Access is restricted to SECROLE_USER_AUTH (User Authenticated) role and all RAPI resource requests are checked against this role mask before they are granted.

Closed mode: ActiveSync service is shut down and all RAPI calls are rejected.

Policy ID: 4097
Possible values:
0 – All RAPI calls are disabled.
1 – All RAPI calls are allowed.
2 – RAPI calls in restricted mode.
Default value: 2
Required role(s) to modify policy: SECROLE_MANAGER

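An added example, not part of the original post or of the SDK text it quotes: a small audit that decodes the role masks listed above and flags policy values that differ from the documented defaults. The function names and the sample settings are constructed for illustration, and the 4101 default "USER_UNAUTH" is assumed to mean SECROLE_USER_UNAUTH.

```python
# Role-mask bits and policy IDs as quoted in the post above.
SECROLES = {
    "SECROLE_OEM": 2,
    "SECROLE_OPERATOR": 4,
    "SECROLE_MANAGER": 8,
    "SECROLE_USER_AUTH": 16,
    "SECROLE_USER_UNAUTH": 64,
    "SECROLE_OPERATOR_TPS": 128,
}

# Policy ID -> (name, documented default, value is a role mask?)
POLICIES = {
    4097: ("RAPI", 2, False),
    4101: ("Unsigned .cabs", SECROLES["SECROLE_USER_UNAUTH"], True),  # assumed mapping
    4102: ("Unsigned Applications", 0, False),
    4119: ("Grant Manager", SECROLES["SECROLE_USER_AUTH"], True),
}

def decode_role_mask(mask):
    """Return the role names whose bits are set, plus any bits not in the table."""
    by_bit = sorted(SECROLES.items(), key=lambda kv: kv[1])
    names = [name for name, bit in by_bit if mask & bit]
    unknown = mask & ~sum(SECROLES.values())
    if unknown:
        names.append(f"UNKNOWN(0x{unknown:x})")
    return names

def describe(policy_id, value):
    """Render a policy value: role names for masks, the number otherwise."""
    _, _, is_mask = POLICIES[policy_id]
    if is_mask:
        return "|".join(decode_role_mask(value)) or "none"
    return str(value)

def audit(settings):
    """Compare {policy_id: value} with the documented defaults; return findings."""
    findings = []
    for pid, value in sorted(settings.items()):
        if pid not in POLICIES:
            findings.append(f"{pid}: unknown policy ID, value {value}")
            continue
        name, default, _ = POLICIES[pid]
        if value != default:
            findings.append(
                f"{pid} {name}: {describe(pid, value)} (default {describe(pid, default)})")
    return findings

# Constructed sample settings, not read from a real device.
SAMPLE = {4097: 1, 4101: 8, 4102: 1, 4119: 16}

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```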

Guest Monolithix [MVP]

damn forums :D

And I guess we'll have to see what happens. Everything is still in the air over certification, hopefully it will calm down with more smartphone mobiles...


Guest Kallisti

OK, not managed to get it going on my own SPV yet (despite lots of tries). However, just some comments on the actual changes that should be made:

Surely we need to change it so that the two current settings:

Should be:

Thereby allowing unsigned apps, and adding user_unauth manager "runas" rights..?

You might want to de-restrict RAPI as well, but I'll leave that one alone for now :D


Just got back from lunch at home, and no joy with me. Like the other guys who've tried this there just isn't enough time. I put the SPV in the docking station as soon as the blue Microsoft screen loads, but ActiveSync doesn't recognise it (in fact most times it prompts me for a new partnership, but I ignore that). The one time I did manage to upload the files onto the SPV, I did it just as the Pin-Code screen came up, which I'm guessing is a bit late....well I tried running the RegEdit program and it won't install.

I shall try again a bit later on this evening...looks promising though? Maybe someone could modify the correct XML files with the new/correct security settings, and post them here, or somewhere else if not legally allowed here?

Cheers!

Ben.


Hey, thank the French and the not French guy who figured most of it out... I just read a forum translated through www.google.com into English and put the pieces together. Nothing is more fun than an evening reading automatically translated forums....

You're welcome. That's me, for the swiss part.
