With this tool you get root-access to parts of your WP7 device.
This version contains a registry-editor, a file-explorer with basic
file-operations and a certificate-installer with write-access to the
certificate-stores.
This tool is in alpha stage. That means that it is not feature complete and it is not yet properly tested. This tool also provides you with high privileges with which you can alter low level settings and data on this device. All this may result in unexpected and undesired behavior, which may ultimately damage your device. Use this tool with care and use it at your own risk. The developer of this tool cannot be hold responsible for any kind of damages, caused directly or indirectly by using this tool.
The current version of this tool can only be used on Samsung devices. A small part of the code uses Samsung-specific functionality. The performance of the tool may sometimes be slow. This is the result of the way access to the system is elevated. The next version of WP7 Root Tools will run on more devices, like HTC and LG. Also the access is elevated more directly.
IMPORTANT NOTICE: If you get error 0x81030120 when you deploy WP7 Root Tools to your device, then please read this guide!
Your phone needs to be INTEROP-UNLOCKED. On WP7 there are already a lot of different unlocks:
Registry Editor
The current version of the registry editor has an issue with string-values that contain special unicode characters and non-ansi-characters. There was no quick fix for that. So currently I have marked these values with "<INVALID STRING>" and made them non-editable. I think I can fix this in the next version of WP7 Root Tools.
File Explorer
I specifically mentioned that this version has basic file-operations, because not everything is implemented. This is what you can do:
- Cut / Copy / Paste / Delete / Rename single files
- Delete empty folders
- Create new folders
This is what you can't do (will be possible in later versions):
- Cut / Copy / Paste multiple files or entire folders
- Delete folders with content
- Rename folders
Certificate Installer
You might wonder why I created a certificate installer, because it is already possible to add certificates. When you email a certificate to yourself and tap that attachment, WP7 will install it. But if you install like this, the certificate will always be installed in the "Root" certificate store. With my certificate installer you can also install in "CA", "My" and "Code Integrity" stores. This may be very useful for hacking attempts. You can install a certificate by browsing to the ".cer" file and tap it. The possibilities for getting a certificate file on your phone will follow below. If you start installing certificates on your phone you should consider making backups in advance. I once experienced Zune going totally bezerk after installing certs. Zune took 100% and lost connection with the phone all the time. Everything was back to normal when I deleted the certs. In this version there is no view on the certificate stores available yet. In a future version you will be able to view the contents of all the certificate store and also uninstall certificates from there.
Desktop Sync
This version does not have a connection with the desktop computer. So it is not possible to use WP7 Root Tools to transfer files between the phone and the desktop. I hope to add this feature soon. Currently you can use other tools to get files onto your phone and then use WP7 Root Tools to move the files to the desired location. WP7 Root Tools has write access on every folder of your phone.
How to transfer files to your phone:
If you like this, hit the "Thanks" and/or "Donate to me" button.
Ciao,
Heathcliff74
Some screenshots:
Version history
0.1 - 2011/04/04 - Initial release: only registry-editor
0.2 - 2011/04/13 - Performance improvements and minor fixes
0.3 - 2011/04/14 - Bugfix in registry-editor
0.4 - 2011/06/14 - File browser added
0.5 - 2011/06/24 - File Explorer with basic file operations and certificate installer
0.6 - 2011/09/17 - Compatible with Interop-Unlocked Samsung Mango devices
0.7 - 2011/09/17 - Bugfix in registry-editor
History: http://forum.xda-developers.com/show....php?t=1021135
This tool is in alpha stage. That means that it is not feature complete and it is not yet properly tested. This tool also provides you with high privileges with which you can alter low level settings and data on this device. All this may result in unexpected and undesired behavior, which may ultimately damage your device. Use this tool with care and use it at your own risk. The developer of this tool cannot be hold responsible for any kind of damages, caused directly or indirectly by using this tool.
The current version of this tool can only be used on Samsung devices. A small part of the code uses Samsung-specific functionality. The performance of the tool may sometimes be slow. This is the result of the way access to the system is elevated. The next version of WP7 Root Tools will run on more devices, like HTC and LG. Also the access is elevated more directly.
IMPORTANT NOTICE: If you get error 0x81030120 when you deploy WP7 Root Tools to your device, then please read this guide!
Your phone needs to be INTEROP-UNLOCKED. On WP7 there are already a lot of different unlocks:
- Developer-uplock/ChevronWP7 unlock: This will allow you to side-load apps from your desktop to your phone. A legit developer-unlock costs $99 per year (this will also allow you to deploy your apps in the Marketplace). ChevronWP7 made an unlock tool, which allows you to dev-unlock your phone for free. This method only works on WP7 version 7.0.7004.0 and 7.0.7008.0. It does not work anymore since version 7.0.7355.0 (pre NoDo). But it is possible to unlock your phone on version 7.0.7008.0 and then use some tricks to upgrade your phone and keep the unlock. You can even upgrade to Mango RTM and still have the unlock. Look in this thead to get full instructions. Also the ChevronWP7 team will release an unlock-method that will only cost a few bucks and will apply an official dev-unlock on any version of WP7, but it won't allow you to release apps to the Marketplace.
- Interop-unlock: On RTM and NoDo versions of WP7 it was possible to run apps with native code. These apps would use a COM-Interop-Bridge to transit between managed and native code. These apps need to be tagged with the Interop-capability called "ID_CAP_INTEROPSERVICES". These apps don't seem to run on Mango. Not even when you have a legit Developer Unlock. There are two reasons for that. The first reason is that most native libraries need some modifications to run on Mango. I found out how to do this and modified WP7 Root Tools so that it is compatible with Mango. The other reason is a deployment-restriction. That is the Interop-Lock that needs to be Unlocked. If you have a normal Dev-unlock on Mango and you try to deploy an app with that uses COM interop, the deployment will fail with error 0x81030120. contable and Marvin_S found out that the MaxUnsignedApp registry-value is responsible for the Interop-Lock. I did more research and I identified the code that checks this value. In fact, if you have the MaxUnsignedApp value set to 300 or higher, your interop will be unlocked. The value of MaxUnsignedApp is determined by the type of developer-unlock you have. A normal AppHub account will have it set to 10 and a student account will have it set to 3. So a value of 300 or higher is not a realistic value for a normal developer account. It is probably only set to this value for Microsoft employees and OEM developers. Until now, the only way to do an INTEROP-UNLOCK for MANGO meant that you have to downgrade to NoDo first, then prepare your device by loading provxml files to your device, upgrade to MANGO and then use OEM tools to execute the provxml files and do the necessary unlocks. But that is a lot of work and for some devices not even possible, because there are simply no ROM's available. But I have found an exploit that works on Samsung and HTC devices, which allows you to UNLOCK INTEROP your MANGO device. For it to work, it must already be developer-unlocked! Read this guide for instructions.
- FullUnlock: This a type of unlock which allows you to run Native Executables. Normally you can only compile Silverlight apps, which will be run in a sandbox. The app is compiled as a DLL, which will be run in TaskHost.exe. I you would like to compile Test.exe, you won't be able to run it, because there is a policy-system and certificate-system that prevent you from running it. Cotulla already cooked a ROM with FullUnlock, but unfortunately this is not yet working as expected. I also did research on this together with fiinix. Thanks go out to him for working with me on that matter. We did not get it working back then, but I think I now have enough exploits to get this working. I will do some more testing on this later on. WP7 Root Tools does not need FullUnlock to be able to run.
- Full Root Access: As stated previously, Silverlight apps and system executables have their own sandbox, which is defined by a Least Privilege based policy system. Even when you break into native code, you are still running in your sandbox. For example, you can try to copy a file in managed code. You will only have access in Isolated Store. If you use COM interop to call native code and you try to use the FileCopy() API, you can still only copy files in your Isolated Store. To break out of the sandbox, there are a couple of possible exploits. But they are still limited in their possibilities. To get unrestricted access to the API's and Resources on your device you will need to completely bypass the policies that the system has defined for your app. YukiXDA and I have in close contact with eachother for a period of time and we learned a lot from eachother. I found some of the exploits, thanks to him! YukiXDA unfortunately has left the community. A very big thanks to YukiXDA for working with me on this matter. Before he left he cooked a ROM for HTC HD2 which has Full Root Access cooked into it. The way he did it was to effectively shut down the policy-sytem. Although this opens up a lot of possibilities for homebrew, this is also kind of risky, because the system is also open to malware. And this technique only works on devices which have an unlocked bootloader (currently HTC HD2 and most HTC WP7 devices have unlocked bootloaders). I developed another type of Full Root Access. I can enable Full Root Access for the entire device (differt than what YukiXDA did, but effectively the same). But I can also enable/disable this per app. So the user can decide which app is trusted enough to get Full Root Access. Other apps will still run in their predefined sandbox. I am currently developing a new version of WP7 Root Tools which will support Full Root Access. To do this I will apply Full Root Access for WP7 Root Tools first. A user can use WP7 Root Tools to enable Full Root Access for another app. So if a developer wants to create an app that needs Full Root Access (for example some type of backup-app), the user of the app must use a ROM which has Full Root Access cooked into it, or the user must run WP7 Root Tools to allow Full Root Access for the app. There are two disadvantages. WP7 Root Tools must first install Full Root Access for itself. Obviously WP7 Root Tools does not have Full Root Access at that moment yet. So there are other exploits necessary to apply this. Currently I have exploits for this, but they use some device-specific features. I have exploits for Samsung, HTC and LG. Other brands, or possibly a device-independent exploit, may follow later. This means that WP7 Root Tools only works on these devices, and with that also the apps that need Full Root Access will only work on these devices. The other disadvantage is that, with the current state of Interop-unlocking, all users of WP7 Root Tools, and with that also all users of the apps that need Full Root Access, will need to be on dev-unlocked-NoDo first, in order to apply an Interop-Unlock for Mango. Because WP7 Root Tools and all apps that use Full Root Access need Interop Unlock. When I have the version of WP7 Root Tools with Full Root Access finished I will release an SDK, which will make access to the system a lot easier. The SDK will consist of a native library and a managed wrapper library. Developers will be able to access the Registry and Filesystem using only managed code and the libraries from the SDK. The app will of course need to be unlocked, using WP7 Root Tools on the device. But using the SDK is mandatory. You can also write your own native code. I will write a guide on how to do that later on. An app that has Full Root Access (provided by ROM or by WP7 Root Tools does not need any device-specific libraries. All API's can be used. For API's that are not in the SDK libraries you need to write your own COM wrapper.
Registry Editor
The current version of the registry editor has an issue with string-values that contain special unicode characters and non-ansi-characters. There was no quick fix for that. So currently I have marked these values with "<INVALID STRING>" and made them non-editable. I think I can fix this in the next version of WP7 Root Tools.
File Explorer
I specifically mentioned that this version has basic file-operations, because not everything is implemented. This is what you can do:
- Cut / Copy / Paste / Delete / Rename single files
- Delete empty folders
- Create new folders
This is what you can't do (will be possible in later versions):
- Cut / Copy / Paste multiple files or entire folders
- Delete folders with content
- Rename folders
Certificate Installer
You might wonder why I created a certificate installer, because it is already possible to add certificates. When you email a certificate to yourself and tap that attachment, WP7 will install it. But if you install like this, the certificate will always be installed in the "Root" certificate store. With my certificate installer you can also install in "CA", "My" and "Code Integrity" stores. This may be very useful for hacking attempts. You can install a certificate by browsing to the ".cer" file and tap it. The possibilities for getting a certificate file on your phone will follow below. If you start installing certificates on your phone you should consider making backups in advance. I once experienced Zune going totally bezerk after installing certs. Zune took 100% and lost connection with the phone all the time. Everything was back to normal when I deleted the certs. In this version there is no view on the certificate stores available yet. In a future version you will be able to view the contents of all the certificate store and also uninstall certificates from there.
Desktop Sync
This version does not have a connection with the desktop computer. So it is not possible to use WP7 Root Tools to transfer files between the phone and the desktop. I hope to add this feature soon. Currently you can use other tools to get files onto your phone and then use WP7 Root Tools to move the files to the desired location. WP7 Root Tools has write access on every folder of your phone.
How to transfer files to your phone:
- Mail the file to yourself. Use your phone to go to your mailbox (not webmail). The attachment will be downloaded in the background. Then use WP7 Root Tools to navigate to \Application Data\Volatile\EmailAttachments\Attachments(number) . You have to look which attachment is the one you want. The filename may be changed. The extension is the same.
- If you have RTM or NoDo, you can install Davux' webserver on your phone. Configure a password in that webserver. The IP of the phone is visible in the webserver app. Browse to the phone like this: http://192.168.1.2/IsolatedStorage using the IP of the phone. Upload a file to the phone. Open WP7 Root Tools 0.5 alpha. Navigate to this folder: \Applications\Data\9BFACECD-C655-4E5B-B024-1E6C2A7456AC\Data\IsolatedStore\. There's your file. You can copy it to another location if you want.
- Use the Zune storage hack, described here and here. If you copied the files to your phone in this way, they will be located at \My Documents\Zune\Content in one of the subfolders. Again, the files here are renamed. You have to find the file you want and then rename it.
If you like this, hit the "Thanks" and/or "Donate to me" button.
Ciao,
Heathcliff74
Some screenshots:
Version history
0.1 - 2011/04/04 - Initial release: only registry-editor
0.2 - 2011/04/13 - Performance improvements and minor fixes
0.3 - 2011/04/14 - Bugfix in registry-editor
0.4 - 2011/06/14 - File browser added
0.5 - 2011/06/24 - File Explorer with basic file operations and certificate installer
0.6 - 2011/09/17 - Compatible with Interop-Unlocked Samsung Mango devices
0.7 - 2011/09/17 - Bugfix in registry-editor
History: http://forum.xda-developers.com/show....php?t=1021135
0 komentar:
Post a Comment