archiveren

Tagarchief: wp7

So, we’ve bought a nice Sony Bravia TV (W6), featuring the today’s “default networking” options.

But I want to control it from my Windows Phone 7 device πŸ™‚
(ofcourse!)
The current sony bravia compatible apps, don’t actually work on the new generation… So, we’re figuring out how and what the 2013 models are actually capable off!

So, where to start…
Sony has it’s own official app for android, and everything works fine…
When you combine this with WireShark, or at least tcpdump, this gives a very nice insight in what happens.

So, after trying some things out on my tablet, I started analysing the results from tcpdump.

First results came out like this: http://mendelonline.be/sony/sony.txt

A rest interface listens on an http-webserver, while upnp-traffic goes on 52323.

Using a rest client, https://addons.mozilla.org/En-us/firefox/addon/restclient/, you can run some commands, and simulate the commands from above
restclient

Next in the house comes Intel’s Device Spy for UPnP technologies, or a more up to date versions from https://sites.google.com/site/opensoftwareprojects/dev-tools-for-upnp

upnpspyAnd there you notice the function “X_SendIRCC”.
This in combination with the commands we found above enables us to do what we want πŸ™‚

For the moment I’ve teamed up withΒ etrosce from BraviaControl and Falco from Sony Virtual Remote Control to figure out what’s going on!
Sony Virtual Remote Control actually works (it has a cached version of the earlier found commands),
So, if we can “port” it somehow to WP7, things would be cooool πŸ™‚

Anyway, I’ll keep you posted!

Advertenties

Your Windows Phone is made in a factory (mostly somewhere in Asia).
The manufacturer of the product is called the “Original Equipment Manufacturer”

In the case of Windows Phone, this could be “Samsung”, “Nokia”, “HTC”, …

These manufacturer all play a different part in the Windows Phone Ecosystem.
And each are given a separate section in the Marketplace as well.
If you buy a Samsung Phone you can access the “Samsung Zone”, if you buy a Nokia you can access the “Nokia collection”.

And, of course, if you jailbreak your phone, you can access everything πŸ™‚

The configuration is stored somewhere inside the Registry. (yes, WP has a register…)

If you install a random regeditor like WP Root Tools, you can browse into it!

The key we’re interested in, is the following:

HKLM\System\Platform\DeviceTargetingInfo\OemName
HKLM\System\Platform\DeviceTargetingInfo\MODeviceName

Which can, for example, be modified into “NOKIA” and “Lumia 800” πŸ˜€

Apps to automate the market selection are available from XDA and bazaar πŸ™‚

Screen Capture

  • First of all, you can’t play with this unless your phone is completely unlocked. Since the new version of the wp marketplace, all xap files are completely encrypted. So you can’t download them, and unzip them as before…
  • Second of all: this is only a very basic post on this matter, but it’s a good start for more πŸ™‚

Well, let us start with a random no-name application.
You’ll need a .net decompiler as well! Just google one πŸ™‚
I’ll use ilspy because it’s fast and portable πŸ™‚

Here you can read some things about how wp7 trials CAN work, using the istrial() method.
This function is added, making sure the xap you’ve downloaded is the trial version.
Developers are given the choice on the marketplace to upload two different versions of any application: a trial version and a “full/paid” version.

Next, you’ll need the wp7 app (or parts from it) on your computer.
As mentioned earlier, Microsoft now encrypts the entire xap file (which I don’t blame them for). So we’ll have to install the app on the phone and copy the necessary files from our phone to a desktop computer πŸ™‚

You can do this using a file managers. I used the “root webserver” application to download some dll’s from my phone to my computer.
Just fire up a browser, or even a WMDC/USB connection, browse to \Applications\Install\*applicationid*\Install\, and take a look around. This is the place you applications are actually stored.

So, when you’ve got your dll-files, open them in your decompiler!

Next, the real “hacking” begins. Take your time to examine the source code, and find a way to exploit it πŸ˜›
If you can write an application, you can read one as well πŸ˜‰ (reading is not always easier than writing πŸ˜‰ )

You’re looking for a boolean value, or a method you can bypass, or something you don’t like that you want to disable (or want to enable!)

In our example we find the method istrial(), which pretty much says it all…
You notice the code is a bit obfuscated, again to make it a bit harder for you like hashsums, dynamic memory allocation, … I’ll blog about this subject later πŸ˜‰

If we let this function always return “true”, we’re done already.

This gives the biggest challenge: making it actually work. This “easy” method described above definitely won’t work in all cases. Most of the time there are more functions and checks you’ll need to bypass.

Maybe in another part of the dll there’s a piece of code checking the date. You can adjust that specific call, always returning a day in 2017.
Or even funnier, maybe there is a config file with a boolean “istrial”, and you can change it to “false”, and you’re done as well.

Be creative!

To wrap up: you decompile the dll completely. Open the result in visual studio, just change the stupid line to always return the boolean value “true”, compile the new dll and you put that back onto your phone!

This posts only describes a very basic technique in .net for wp7, but at least it gives you an idea how to start exploring the wonderful world of reverse engineering, and you can go WAY deeper. Start google’ing about software instrumentation (extremely cool technique), disassemblers (bypass loops in x86 assembly code), debuggers, hex editors and you’ll probably never stop reading.

Maybe I’ll write something about reverse engineering pc apps as well πŸ™‚

the story

Something I believe is really useful on a mobile device, is a portable network scanner.

I’ve got this on my android tablet (currently using “Fing“) and sometimes this comes in handy (especially on mobile devices because of their lack on native network discovery abilities)

So I started my search on the WP7 marketplace.
There are a couple of apps promising “ping”-like functions on the WP7 platform.
But after testing them one by one, they all failed…
A couple of them created the impression that they worked, but in the end they didn’t…

So, let’s create our own πŸ™‚

so, some background.

According to wikipedia, Ping is created in 1983 and is used to check network connectivity.
When you “ping” a network devices, it “pongs” back (replies), and you know it’s available to
communicate with you.

Ping is based on ICMP echo requests.
ICMP on it’s turn is defined in RFC 792 of the IETF
Its an OSI layer 4 function, and works on top of IP.

So, basically, if we want to create our WP7 network discovery app, we need to create an IPv4 packet, put in a ICMP request, and broadcast it around. πŸ™‚

a bitter reality

In .net 4.5, you have the “ping” class.
This is an incredible easy way of achieve our target.

But it’s not part of the “mobile” silverlight based SDK for wp 7.1…

damn…

The other way around: what do we have.
Since 7.1 (Mango) we have sockets!
A nice explanation is written here at msdn.

What if we want to craft our own ICMP packet?
You just need a byte array, put it in an IP packet, and solved!

Anyway, you can spawn a network socket with multiple arguments.

Socket sock = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);

AddressFamily:ip4, ip6, unspecified or unknown
SocketType: stream (tcp) dgram (udp) or unknown
ProtocolType: tcp, udp, unspecified or unknown

And of course, unspecified and unknown is not supported on WP7.
So,we only have tcp and udp available…

No ICMP or even RAW as in the full desktop version of a socket

Stuck again…

Some guys on the internet say ping should work with tcp/udp on port 7…
Knowing this can’t actually work, I experimented with it anyway.

Result: udp doing nothing – tcp replying sometimes (absolutely not trustworthy)

Any suggestions from somewhere? Is it even possible using only TCP/UDP/WP7?

‘cause I’m out idea’s…

Mark the 26th of September in your calendar, ‘cause a part of the world will die πŸ™‚

The part of me being a WP7 developer πŸ™‚

(some people will actually laugh now, thank you matsoo…)

But anyway, I’m not really planning to pay 75€ to have a few apps in the marketplace I’m giving away for free.
Especially because this 75€ is annually… (my windows license is cheaper than that…)

The really big downside: my apps will be removed from the WP7 marketplace… 😦

Maybe if someone reads this, and actually likes my apps, please comment on this blogpost, maybe I’ll reconsider…

I had some comments on my apps, thanks for the support you guys!
I’ll upload the xap’s to the internet, if your phone is unlocked, you can still use them!

My 5th wp7 app just went live πŸ™‚

Its purpose: sending a text message from your browser!

Download the application from the WP marketplace, login, take another device (desktop, laptop, tablet, another phone, …) and browse to http://mendel.somee.com (my current free asp host πŸ™‚ ), login with the same credentials as before, type your message, send it to your phone, and send it again! πŸ™‚

This makes you can write an entire book-long message, on another device (maybe even with physical keyboard πŸ™‚ )

More info on the SMSer project page: https://mendel129.wordpress.com/projects/smser/