Remove certification requirement from the SPV

[Guest Paul [MVP]]

Flash player doesn't appear to install.

P

[Guest sebset]

:oops:

[Guest yzbob]

does this security crack get us anywhere nearer to unlocking the phone to all networks or is this another kettle of fish?

[Guest Kallisti]

Wow the register is an incompetent news source. The newsgroup they mention is a public group, not inside microsoft..

[Guest spacemonkey]

does this security crack get us anywhere nearer to unlocking the phone to all networks or is this another kettle of fish?

It is a different kettle of fish but having easy access to the software end of the system makes it theoretically easier.

Most phones do sim unlocking by having some code hidden on the phone which you can read through a serial service cable, then some operation on that code sim unlocks them.

Well, theoretically you could make an app that reads that code so you can dispense with the serial cable part of the process.

That's the theory, you need some brainy mobile phone people to actually do the work tho...

[Guest Rob.P]

Thanx for trying Paul, just sent an email to Macromedia about it still waiting for a reply, will let you all know what they say.

Back to anticipation and at least I can hassle Macromedia now.

[Guest Emad]

Yay, a developer phone at last! (Hehe..). Exam at the end of the week, then I'm starting on a gameboy emulator - there go my evenings.. ;)

[Guest hardysmith]

I've just been trying to follow the steps above, but I'm having difficulty getting the SPV autosync up in time to drop the files in. By the time everything has synced, the phone is up and running and it has already parsed those files.

Any suggestions on how to get the sync up quicker? Or there something else I'm missing here?

[Guest muude]

This is really NOT working for me.... I've edited the files like I was told, but I just can't get it to work...

How important is yout timing here???

I've tried 5-6 times with no luck...

Can anyone help or is it just me??!!

[Guest yzbob]

i wonder what orange's official response/comment will be on this? if any?

is there any draw backs or repercusions from orange by removing the certification (apart from the possibility of viruses )?

[Guest psneddon]

I do an additional step that seems to make it work more often than not.

After you have Cleared the IPSM and it is loading up, as soon as the 'Enter Pin' screen is about to appear then hold down the power button and power down the device.

Turn the power back on and as soon as possible copy the files over. (e.g. as soon as ActiveSync connects to the phone)

It may not do anything but everytime I've gotten it to work I've done this.

[Guest budda]

I wonder which evil c**t will be the first to make a virus and take advantage of people unlocking their phones to rouge apps? :-/

On a lighter note - anybody considered running some kind of java engine yet?

[Guest Arisme]

I wonder which evil c**t will be the first to make a virus and take advantage of people unlocking their phones to rouge apps? :-/

that's why you need to add your own certificate, not remove everything :wink:

On a lighter note - anybody considered running some kind of java engine yet?

eh ... had the same idea :wink: I'll try to run the OTI engine tonight ... :wink:

http://www-3.ibm.com/software/pervasive/pr...wme/index.shtml

[Guest Kallisti]

Aww, Pocket Quake: "ERROR: No hardware timer available"

The basic story here (as mentioned before) is that you'll have to live with the fact that only software developed for smartphone will work for smartphone... Quake does manage to load the opening screen, but then the environment just lacks the required resources...

[Guest Ben]

bloody hell ! it worked !

[Guest muude]

Mine still doesn't work... Think I've tried like 20 times now...

WHEN are you supposed to overwrite the files??

I know it's when the Smartphone-screen appears, but when I wait a couple of secs before plugging it in the cradle, it switches to PIN-screen before Activesync pics up... That way I can't transfer the files until it's too late....

HEEELP!!!

[Guest davidhorn]

The PIN screen never even appeared on mine, though the crack worked.

[Guest gevans2000]

This is hilarious!

I wrote a nasty email to Orange yesterday - obviously no reply as yet - stating that users would not stand for a phone that should not have been released before it was ready. Maybe they'll think twice next time something new comes along....?

I'm laughing now but I get a funny feeling that my phone might mysteriuosly update itself sooner than I thought!

Great work everyone and thanks!!

[Guest youngerpants]

Amazing, I leave my PC for a couple of hours and the world has gone crazy... that'll teach me to try and have a life.

Obviously about to start now.

Paul, I like the way the site has turned into a smartphone cracking site... not what you had in mind I'm sure, but welcome to the dark-side :twisted:

Cant wait for peoples appz to get published

*I'm so happy I'm sh*tt*ng feathers*

[Guest Paul [MVP]]

It has not, and that is why I am letting the thread continue.

There is no cracking involved, just copying a simple XML file at the right time!

P

[Guest youngerpants]

Only kidding with ya Paul

[Guest Paul [MVP]]

Hehe

The JimmySoftware games are AMAZING!

P

[Guest crimminsky]

which games have you tried paul?

[Guest Arisme]

OK, now I'll stop saying that it's better to have a certificate, but explain how to do it :wink:

How to create your own certificate

Why would you want to do this ?

With this method, you'll be able to create your own certificates to sign your applications or the applications that you want to test. That way, you can disable unsigned applications execution and be safe from virus and general harm.

This method is intended for people who don't want to download and install Embedded Visual C and the Smartphone SDK as these tools come with an easy certificate provisioning.

Needed tools

* Microsoft AuthentiCode Toolkit - download it at http://msdn.microsoft.com/MSDN-FILES/027/0...18/codesign.exe

* A SHA1 hash algorithm implementation - download it at http://www.emit.jp/sha/sha1.exe

* A base64 algorithm implementation - download it at http://www.fourmilab.ch/webtools/base64/base64.zip

Installation

Unzip base64 and install the AuthentiCode toolkit.

Create a cert directory to store your certificates

Create your certificate

To create a certificate called "My dev cert" and put in in the cert directory,

run from the AuthentiCode directory

makecert -r -cy both -sv certSPVcert.key -eku 1.3.6.1.5.5.7.3.3 -n "CN=My dev cert" certSPVcert.cer

then

cert2spc certSPVcert.cer certSPVcert.spc

You can set a password to protect your certificate if you feel paranoid, or just click None SPVcert.key is your private key, that you'll use to sign the applications SPVcert.cer is your certificate, that will be installed in the device SPVcert.spc is the certificate stored in a different format to be used by the SignCode program Get the hash and encoded version of your certificate Run

sha1 certSPVcert.cer

and copy-paste the value (called the HASH) somewhere Then

base64 -e certSPVcert.cer certSPVcert.cer.encoded

Open the SPVcert.cer.encoded file to be able to copy/paste the value later (called the ENCODED CERTIFICATE) Install the certificate to sign applications Open the mxip_oem_10.provxml file. Locate the beginning of a section and add

       <characteristic type="Unprivileged Execution Trust Authorities"> 


            <characteristic type="HASH"> 


                <parm name="EncodedCertificate" value="ENCODED CERTIFICATE"/> 


            </characteristic> 


        </characteristic>

(replace HASH and ENCODED CERTIFICATE by their respective values, and don't forget the "") Install the certificate to sign CABs Add just after the previous value

       <characteristic type="SPC" > 


            <characteristic type="HASH"> 


                <parm name="EncodedCertificate" value="ENCODED CERTIFICATE"/>


                <parm name="Role" value="8"/> 


            </characteristic> 


        </characteristic>

(replace HASH and ENCODED CERTIFICATE by their respective values, and don't forget the "") Now you can install your provxml file as before - BE SURE TO RESTORE in the SecurityPolicy section to enable application signing again Installing your new certificate Race & win, SPV style :roll: Sign your code To sign a CAB (note that you'll have to sign ALL executables or DLL files inside this CAB if you are not building this CAB yourself to be able to use it) or an EXE file (let's say dummy.exe), run from the AuthentiCode directory

signcode -v certSPVcert.key -spc certSPVcert.spc dummy.exe

A warning will be issued about a missing timestamp that you can safely ignore

[Guest Paul [MVP]]

I've played Turjah, Boyan and Saffron.

P