Jump to content

Remove certification requirement from the SPV (continued)

Guest Rob_Quads

By Guest Rob_Quads
in Smartphone General Discussion

 Share

Recommended Posts

  • Replies 100
  • Created
  • Last Reply

Popular Days

Popular Days

Guest Arisme

Guest Arisme

Posted
Posted

YES !!!!

restart everything (the bootloader + IPSM reset) without the card, then reboot without the card

I'm (almost) sure that this will fix the problem

Link to comment
Share on other sites
Guest Moony1234

Guest Moony1234

Posted
Posted

heres what i done;

switched off

removed 128 card

switched on with voice memo button

pressed and hold action

pressed 8

waited till it said PASSED

press left twice

press end

take battery out

put battery in

power on

its still at sunset screen

Link to comment
Share on other sites
Guest Arisme

Guest Arisme

Posted
Posted

ok ... I guess that it's the first report of something screwed with just a hard reset ... sorry for you :cry:

now for the possible ways to fix this

1) Find someone else with a SPV - try to do a full backup (SD card in, bootloader, Save All) and restore it in your phone (SD card in, bootloader, action (or load all))

2) Try that on your own phone (I don't see how this could fix it but since it seems already broken ...)

other suggestions appreciated !

Link to comment
Share on other sites
Guest lucky

Guest lucky

Posted
Posted

Im sorry but did you all read that c/net article. What a complete load of cr@p. c/net is supposed to provide tech news. I think the staff writer just wrote the first thing that was excreted from his feeble brain. If he has any involvement with the tech industry he should be ashamed.

Moving on *seething with frustated anger* it is only a matter of time before you get a take down notice for this topic. This seems like another deCSS imho ;)

It seems obvious to me that orange is only interested in having a limited amount of software realeased at regualr intervals to provide a revenue stream, via gprs mb rates and developer/partnership fees. Along similar lines to java game downloads.

They may have marketed this phone as an all singing all dancin pocket computer, but what they were really after was a way to increase useage of their data services. If you can install any software you like and program the phone however you want why would you use any orange data services.

What concerns me is that orange will make every effort to plug this vulnerability to their revenue stream. Will they figure out a way to fix this vulnerability over the air?

comments?

Link to comment
Share on other sites
Guest Arisme

Guest Arisme

Posted
Posted

another decss ? I'd like to see that ... at least decss was a test for the legality of reverse-engineering, what will that be ? a test for the legality of putting your phone in your craddle before it has finished to boot ;) ?

and

If you can install any software you like and program the phone however you want why would you use any orange data services

because while it seems stupid to certify some programs (freeware games, emulators, registry editor ...), it seems quite reasonable to certify others (micropayment applications, games securing the user data to win prizes, ...) and be sure that they haven't been tempered with

Link to comment
Share on other sites
Guest Monolithix [MVP]

Guest Monolithix [MVP]

Posted
Posted

Dont forget only this gives you access to the OS layer of the phone, the GSM layer is still inaccessable, and therefore cannot be exploited (afaik).

I'm sure yet another workaround will be discovreed in due course though....

Link to comment
Share on other sites
Guest Arisme

Guest Arisme

Posted
Posted

even if it could be exploited, someone should explain CNN & others that PDAs with a GSM/GPRS modem are far more "dangerous" and "at risk" than the SPV (and available since 2-3 years) ...

it's really sickening to see such BS in "tech" news ... and I guess that the next step is a nice article on /. , at least they'll sort out the facts better than other sources :wink:

Link to comment
Share on other sites
Guest Thistle

Guest Thistle

Posted
Posted

Iv got an issue, after carrying out the procedure to unlock the certs for the phone when i proceed to my contacts list at the top it say "Micellaneous" on the title bar and below that where u would normally find your contacts its says "No matches for this filter" even after syncing it with ma pc or adding an entry manually, anyone?

Ignore me it was sorted with a restart

Link to comment
Share on other sites
Guest MBoden

Guest MBoden

Posted
Posted

can anybody verify that there is a certification level that allow software to access ONLY the OS but not the radio part, it seems that our defense and argument hinges on that ?

Link to comment
Share on other sites
Guest Arisme

Guest Arisme

Posted
Posted

check in the SDK help file "OS Security", "Public and System APIs"

of course, I don't know if all the APIs are listed here, we have to trust Microsoft security policy on that :roll:

and even if some radio APIs could be accessed, what does that mean ? you cannot send a virus to another phone as this is only a local exploit, you cannot "hack the GSM network" just because it doesn't mean anything (hey guys I'm going to hack the RTC network with my |33+ home phone right away :twisted:) ...

sorry for the reporters, but there's really no hype arguments to exploit in this story ... move to another one please and let us develop our harmless applications please !

Link to comment
Share on other sites
Guest MBoden

Guest MBoden

Posted
Posted

all i'm saying is that maybe we could use all this media and say "hey , we didnt hack the phones to make viruses, we just wanted to be able to develop software for hour phones, something that is quite possible to do safely but microsoft/orange wont allow it " ?

Link to comment
Share on other sites
Guest AsherUK

Guest AsherUK

Posted
Posted

Re: http://news.com.com/2100-1033-980803.html

I think that someone really needs to put Ben Charny (CNET news.com / [email protected]) straight on the the whole aspect of the "alleged" hack and the reason why this "hack" was developed.

Maybe someone could also explain to him the actual benefits of being able to write your own apps and run unsigned programs, and that this "hack" only allows unsigned apps to run on a single phone AND does not allow access to the "phone / radio" part of the SPV and therefore does not compromise the network or allow viruses to be sent to other peoples phones.

I'm still amazed that Orange do not see the benefit of having this part of the certification permanantly removed, it would allow thousands more applications to become available (which would attract more customers to this phone instead of them being attracted to the competitiors phones/network) and it would also attract the thousands of us technically minded people that like to be able to design our own applications and make the phone a more useful device.

I'm pretty sure that without this "stupid" certification Orange would easily sell a lot more phones than the competition and regain it's status as a "the best network provider" instead of the current status of "ok but restrictive network provider that turns a blind eye to the consumers real needs or wishes".

In a way, Orange are killing this phone before it's even been born, it has massive potential (if they removed the first level of certification), and I'm sure that most people would overlook all it's teething problems and relate to it as the best phone ever if thousands of games / applications were available and the ability to be able to write your own apps/games (if you were technically minded enough to do so).

We should start a petition where all those in favour of Orange removing the first level of certification (to allow unsigned apps to run on the phone (but not allow access to the "radio" part of the phone)) can add their name to the list (and any relevent comment) and then forward this to Orange ....or even take it to the Orange HQ and hand it directly to the MD (maybe with some media coverage - this is where Ben Charny might actually be of some use !) and see if they will grant us, and thousands of other potential customers, our wishes.

Getting back to Mr Ben Charny, do you really write for a technical news website ? is this your full time job ?. I ask these questions as you seem to know very little about technology and seem to lack in the field of research... which one would think are the two most important things in this line of employment. Go out and buy an SPV, use it for a while, notice the lack of games and applications available and then try to imagine it's potential and usefulness if thousands of apps and games were available, then maybe you'll join us in trying to make Orange see sense with the certification issue.

If Mr Ben Charny would really like to get his teeth into something and write a proper news story, maybe he should do a report on Orange trying to charge for "unlimmited" GPRS access and the flaws in their T&C's and advertising ?.

Anyway, at the end of the day it's only a phone !, it's not the start of world war three, it's not going to bring down the telecommunications network, and it's not going to start destroying peoples phones.

Oh, and as for the comment "sometimes involves taking the phone apart", is he mad ? .. I'm an electronics engineer and I wouldn't even consider opening my phone, it's got a couple of layers of surface mount circuit boards in there which could very easily be damaged and no modifications could be made internally without very specialist equiment.

Well, enough said, and sorry for the long post but I needed to get that off my chest.

As quick note to those who are less techincal, my comments relating to the radio part of the SPV does not mean that the SPV has a built in AM/FM radio tuner ...so don't go asking how to tune it in to Radio 1 !!!.

I'd also like to point out that all comments made here are "in my humble opinion" and are not the comments / views of the website owner. (who just happens to be a superstar ...in my opinion !).

I'll send what I've written here to Mr Charny, and hopefully anyone else with a view will do the same, maybe then he'll produce a correct and useful news article.

If Mr Charny or Orange would like to contact me about my comments or any other issue then my e-mail is [email protected], and if Microsoft would like to contact me then I'd be more than pleased to discuss some possible future product development ideas that might be of intrest and some other stuff.

Oh, and Mr Charny, please don't take offence, I know your only doing your job, but you could help us with the correct facts instead of hindering us with speculation.

Link to comment
Share on other sites
Guest Firaas

Guest Firaas

Posted
Posted

Moony, give it three hours if that's what it'll take, just keep glancing at the screen.

It's interesting that Orange and Microsoft seem to be immediately responding to this, while they've taken so long in responding to our bugs.

We're not doing anything which can affect anyone else's phone - so why the alarms?

It's my phone, I can do whatever I like as long as it doesn't affect Orange's network, and unless Orange specifically state otherwise (thus voiding the warranty if I do execute the procedure).

To be honest the press coverage is just alerting more SPV users that the certification can be hacked.

Link to comment
Share on other sites
Guest Firaas

Guest Firaas

Posted
Posted

Email to Ben Charny:

Dear Mr Charny,

I suggest you check your facts before publishing such an exaggerated article for a well-respected news source.

Hackers can't send rogue software to cell phones using Smartphone 2002 whilst certification is turned off.

And I'd be interested in the person who took their phone apart in order to unlock it.

All of the people I am aware of who have unlocked their SPV from certification have done so quite easily. It's not a difficult process at all - I performed it for the first time in around 15 minutes.

If Orange and Microsoft aren't speculating, neither should you - especially when the article written contains so much junk.

Perhaps http://212.100.234.54/content/59/28857.html will help you rewrite your article, which I hope you will do.

Firaas Rashid

Link to comment
Share on other sites
Guest davem1919

Guest davem1919

Posted
Posted

The two files for editing appear different on my SPV

mine are called

mxipcold_oem_10.provxml

mxip_oem10.provxml

They seem to have a "P"

Just want to check it will be OK to try

Dave

Link to comment
Share on other sites
Guest spacemonkey

Guest spacemonkey

Posted
Posted
The two files for editing appear different on my SPV  

mine are called  

mxipcold_oem_10.provxml  

mxip_oem10.provxml  

They seem to have a "P"  

Just want to check it will be OK to try  

Dave

That sounds fine... at the end of the day there is no real risk (as long as your phone will do normal hard resets) cos if it doesn't work, you can just hard reset normally.

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept