Главная » Linux

Windows phone rooting tool

Содержание
  1. Впервые создана утилита для получения root на Windows Phone
  2. Xakep #263. Кредитки в опасности
  3. Windows phone rooting tool
  4. Windows phone rooting tool

Впервые создана утилита для получения root на Windows Phone

Xakep #263. Кредитки в опасности

ИБ-исследователь, известный в сети под именем HeathCliff, доказал, что устройства с Windows Phone тоже можно взломать. Хакер выпустил собственную утилиту, которая позволяет разблокировать бутлодеры смартфонов Microsoft, получить полный доступ к устройству и установить кастомную ROM.

HeathCliff – личность небезызвестная, он своего рода легенда форумов XDA Developer. В частности, он знаменит как автор WP7 Root Tools.

Программа, созданная хакером, получила имя Windows Phone Internals. Она совершенно бесплатна, хотя HeathCliff положительно относится к пожертвованиям. Утилита поддерживает большинство устройств на базе Windows Phone 8.1 и Windows 10 Mobile.

Что позволяет сделатьWindows Phone Internals:

  • разблокировать бутлодер некоторых моделей Windows Phone и получить root-доступ;
  • загружать кастомные и сторонние приложения с высокими привилегиями, в обход песочницы;
  • создать резрвный образ смартфона, а также получить доступ к файловой системе в режиме Mass Storage;
  • установить кастомную ROM.

Видеоролик ниже демонстрирует все перечисленные трюки, в исполнении самого автора программы.

Утилита работает со следующими моделями смартфонов Lumia.

  • Lumia 520, 521 и 525
  • Lumia 620, 625
  • Lumia 720
  • Lumia 820
  • Lumia 920
  • Lumia 1020
  • Lumia 1320

HeathCliff предупреждает, что закончив с экспериментами и настройкой системы, лучше вернуть всё как было, то есть отменить root. Хакер предупреждает, что полностью разблокированный Windows Phone может стать легкой мишенью для вредоносного ПО и хакеров.

Windows phone rooting tool

Новая версия — WP7RootTools_0.5_alpha.xap ( 648,53 КБ )

In this version I implemented the basic file-operations and a certificate installer.

You might wonder why I created a certificate installer, because it is already possible to add certificates. When you email a certificate to yourself and tap that attachment, WP7 will install it. But if you install like this, the certificate will always be installed in the «Root» certificate store. With my certificate installer you can also install in «CA», «My» and «Code Integrity» stores. This may be very useful for hacking attempts. You can install a certificate by browsing to the «.cer» file and tap it. The possibilities for getting a certificate file on your phone will follow below. If you start installing certificates on your phone you should consider making backups in advance. I once experienced Zune going totally bezerk after installing certs. Zune took 100% and lost connection with the phone all the time. Everything was back to normal when I deleted the certs. In this version there is no view on the certificate stores available yet. In a future version you will be able to view the contents of all the certificate store and also uninstall certificates from there.

I specifically mentioned that this version has basic file-operations, because not everything is implemented. This is what you can do:

— Cut / Copy / Paste / Delete / Rename single files
— Delete empty folders
— Create new folders

This is what you can’t do (will be possible in later versions):

— Cut / Copy / Paste multiple files or entire folders
— Delete folders with content
— Rename folders

Last, but not least: I fixed some performance issues. Mainly memory-leaks in native code and in COM interop. I’m not sure if I got all leaks now, because it’s not easy to do native C++ without debugger and profiler. But improvement is clearly noticeable.

This version does not have a connection with the PC. So it is not possible to use WP7 Root Tools to transfer files between the phone and the PC. You can however, use other tools to get files onto your phone and then use WP7 Root Tools to move the files to the desired location. WP7 Root Tools has write access on every folder of your phone.

How to transfer files to your phone:

Читайте также:  Системный журнал windows по сети

Mail the file to yourself. Use your phone to go to your mailbox (not webmail). The attachment will be downloaded in the background. Then use WP7 Root Tools to navigate to \Application Data\Volatile\EmailAttachments\Attachments(number) . You have to look which attachment is the one you want. The filename may be changed. The extension is the same.
Install Davux’ webserver on your phone. Configure a password in that webserver. The IP of the phone is visible in the webserver app. Browse to the phone like this: http://192.168.1.2/IsolatedStorage using the IP of the phone. Upload a file to the phone. Open WP7 Root Tools 0.5 alpha. Navigate to this folder: \Applications\Data\9BFACECD-C655-4E5B-B024-1E6C2A7456AC\Data\IsolatedStore\. There’s your file. You can copy it to another location if you want.
Use the Zune storage hack, described here and here. If you copied the files to your phone in this way, they will be located at \My Documents\Zune\Content in one of the subfolders. Again, the files here are renamed. You have to find the file you want and then rename it.

Сообщение отредактировал alex — 26.06.11, 16:47

With this tool you get root-access to parts of your WP7 device. This version contains a registry-editor, a file-explorer with basic file-operations and a certificate-installer with write-access to the certificate-stores. You might wonder why I created a certificate installer, because it is already possible to add certificates. When you email a certificate to yourself and tap that attachment, WP7 will install it. But if you install like this, the certificate will always be installed in the «Root» certificate store. With my certificate installer you can also install in «CA», «My» and «Code Integrity» stores. This may be very useful for hacking attempts. You can install a certificate by browsing to the «.cer» file and tap it. The possibilities for getting a certificate file on your phone will follow below. If you start installing certificates on your phone you should consider making backups in advance. I once experienced Zune going totally bezerk after installing certs. Zune took 100% and lost connection with the phone all the time. Everything was back to normal when I deleted the certs. In this version there is no view on the certificate stores available yet. In a future version you will be able to view the contents of all the certificate store and also uninstall certificates from there.

I specifically mentioned that this version has basic file-operations, because not everything is implemented. This is what you can do:

— Cut / Copy / Paste / Delete / Rename single files
— Delete empty folders
— Create new folders

This is what you can’t do (will be possible in later versions):

— Cut / Copy / Paste multiple files or entire folders
— Delete folders with content
— Rename folders

This version does not have a connection with the PC. So it is not possible to use WP7 Root Tools to transfer files between the phone and the PC. You can however, use other tools to get files onto your phone and then use WP7 Root Tools to move the files to the desired location. WP7 Root Tools has write access on every folder of your phone.

How to transfer files to your phone:

Mail the file to yourself. Use your phone to go to your mailbox (not webmail). The attachment will be downloaded in the background. Then use WP7 Root Tools to navigate to \Application Data\Volatile\EmailAttachments\Attachments(number) . You have to look which attachment is the one you want. The filename may be changed. The extension is the same.
If you have RTM or NoDo, you can install Davux’ webserver on your phone. Configure a password in that webserver. The IP of the phone is visible in the webserver app. Browse to the phone like this: http://192.168.1.2/IsolatedStorage using the IP of the phone. Upload a file to the phone. Open WP7 Root Tools 0.5 alpha. Navigate to this folder: \Applications\Data\9BFACECD-C655-4E5B-B024-1E6C2A7456AC\Data\IsolatedStore\. There’s your file. You can copy it to another location if you want.
Use the Zune storage hack, described here and here. If you copied the files to your phone in this way, they will be located at \My Documents\Zune\Content in one of the subfolders. Again, the files here are renamed. You have to find the file you want and then rename it.

Читайте также:  Mac os 64 bit или 32 bit

This tool is in alpha stage. That means that it is not feature complete and it is not yet properly tested. This tool also provides you with high privileges with which you can alter low level settings and data on this device. All this may result in unexpected and undesired behaviour, which may ultimately damage your device. Use this tool with care and use it at your own risk. The developer of this tool cannot be hold responsible for any kind of damages, caused directly or indirectly by using this tool.

The current version of this tool can only be used on Samsung devices. A small part of the code uses Samsung-specific functionality. The performance of the tool may sometimes be slow. This is the result of the way access to the system is elevated. The next version of WP7 Root Tools will run on more devices, like HTC and LG. Also the access is elevated more directly.

To install this you need a developer-unlocked Windows Phone 7 device with RTM, NoDo or Mango. So as long as your device is developer-unlocked, it is not necessary to downgrade first. For questions about unlocking your device, please refer to the appropriate threads.

The next version will also provide Root Access for selected apps. First WP7 Root Tools needs to get Full Root Access. Then WP7 Root Tools will be able to provide Full Root Access for other apps. These apps don’t need any device-specific DLL’s at all. Once your app is provided with Full Root Access, you can use any native or managed API you want. For native DLL’s you will need to follow the guide I will write later on. You can also use the SDK I will create later, but that is just to make it easier. Using the SDK is mandatory. BUT. For WP7 Root Tools to get Full Root Access I still need device-specific exploits. As of now I have the necessary exploits for Samsung, HTC and LG. So your app will only work on these devices. Because the users will need to install WP7 Root Tools to give your app Full Root Access.

A very big thank-you goes out to YukiXDA. Unfortunately he has left the scene. We’ve been in close contact with eachother for a period of time and we learned from eachother. I found some of the exploits, thanks to him! I also want to thank fiinix for helping with the research. And also everyone else who has helped me with testing!)

Сообщение отредактировал Alex — 17.09.11, 17:52

Windows phone rooting tool

Благодаря программе Windows Phone Internals стала возможна разблокировка загрузчика на смартфонах Nokia/Microsoft Lumia с Windows Phone 8 и новее.

2.9.7393.18819 и ниже на устройствах с загрузчиком Spec A требуют дополнительный FFU от 50 серии. 2.9.7418.37134 и выше — пока неизвестно.

процессоры Snapdragon S4, 400 MSM8230AB

Модели Lumia с данным загрузчиком:

  • 810 (на 8.0 не разблокируется — обновите до 8.1 этими файлами и отпишитесь о результате)
  • большинство 20 серии: 520, 521, 525, 526, 620, 625, 720, 820, 822, 920, 925, 928, 1020/909, 1320

Процесс разблокировки:

  1. Качаем WPInternals последней финальной версии (с оф. сайта, а не тестовую из телеги), на момент написания это 2.8;
  2. Качаем WDRT (DL) / Nokia Care Suite (DL) (он установит драйвера вашего телефона);
  3. Если ваш телефон на версии ОС ниже, чем 8.10.14219.341, крайне рекомендуется обновить через OTC Updater с фиксом.
    Это сделает телефон как совместимым с бо́льшим числом приложений, так и готовым к обновлению до Windows 10 Mobile. Также на некоторых моделях может слететь разблокировка при обновлении ОС (например на 1020), либо при наличии рута обновление может не установиться (например на 520) ;
  4. В папке WPInternals создаём папку Loaders, туда кидаем файлы из архива:
    • Для большинства устройств: Hex_loader.zip ( 1,18 МБ )

      Для 925 : lumiafirmware, Lumia_925_hex.zip ( 175,68 КБ )

    • Для 822 : Lumia_822_hex.zip ( 4,97 КБ )

  5. В папке WPInternals создаём папку SBL3, туда кидаем файлы из архива:
    • SBL3_NoBuggy62x.zip ( 1,07 МБ )

  6. Берём файл прошивки (FFU) в одном из следующих мест:
    • вкладка Download в WPInternals;
    • lumiafirmware (ищем по Product code);
    • если ранее прошивали с помощью WDRT — C:\ProgramData\Microsoft\Packages\Products;
    • Сборник официальных прошивок.

  7. Запускаем WPInternals, заходим в Unlock bootloader, указываем по очереди нужные файлы:
    1. FFU;
    2. Loader (папку, нужный файл программа выберет сама);
    3. SBL3 (для 52x/62x/720/1320 от 520, для 928 от 920/925).

  8. Жмём кнопку continue, ждём и радуемся. Даём ОС полностью загрузиться хотя бы раз.
  9. Если нужна установка приложений на WP8.x, получаем рут или интероп (см. Неофициальные разблокировки).

Оригинальная инструкция от v1p3rrrrr, на основе которой написана эта

процессоры Snapdragon 2xx, 4xx (кроме MSM8230AB ), 8xx

Модели Lumia с данным загрузчиком:

  • 1520, 929/Icon
  • вся 30 серия: 430, 435, 530, 532, 535 ( см. Баги, п. 5 ) , 630, 635, 636, 638, 730, 735, 830, 930
  • вся 40 серия: 540, 640, 640 XL
  • вся 50 серия: 550, 650 ( см. Баги, п. 8 ) , 950, 950 XL

Процесс разблокировки:

    1. Драйвера для прошивки
      Возможно, скачаются Виндой автоматически, но лучше поставить WDRT (DL) / Nokia Care Suite (DL) для уверенности.

  1. Прошивка вашего телефона в формате FFU
    Источники:
    • вкладка Download в самом WPInternals
    • lumiafirmware
      Product code смотрим в WPInternals, вкладка Info.
      Для 50 серии берём прошивку с поддерживаемой версией ОС: 10.0.10586.107/318/494.
    • Если ранее прошивали аппарат через WDRT, можно взять сохранившуюся прошивку по пути: C:\ProgramData\Microsoft\Packages\Products.
      Минус — если у вас 50 серия, может быть неподдерживаемая версия ОС (тогда качаем поддерживаемую с lumiafirmware).
    • Сборник официальных прошивок

  2. EDE-файл
    Источники:
Оцените статью
© 2024 Советы по настройке компьютера