05-01-2018 11:20 PM
  1. darrell reimer's Avatar
    Quick thing I want to discuss.

    An exploit for the Redstone SecureBoot stack has surfaced, and supposedly allows TestSigning to the bootmgr (previously we only had TestSigning post-boot). This means that we could possibly run self-signed EFIs, and therefore custom ROMs. This is currently applicable to all devices running Redstone (although not yet confirmed on Xbox One). As our phone is running Redstone with SecureBoot, this potentially applies to us. The exploit is very difficult for Microsoft to patch, because in doing so, they would ruin bootchain-passability (I made that up) for various legacy devices (for example, the most logical patch would make it impossible to boot into the recovery partition on a PC, or the flashing interface on a mobile device). It is likely that Microsoft will only be able to patch this exploit for devices that have been manufactured post-Redstone.

    TL;DR:
    There is a strong potential for being able to run custom ROMs on the Ativ SE in the near future.
    Very cool! You are very wise..o Jeemo!
    08-14-2016 01:08 AM
  2. Werentuckl's Avatar
    Okay. So I discovered something. Haptic feedback is still very much there. I know onscreen haptic feedback is at least there. It's just the WM10 that can't hook into it because we're using the updates for the Icon. Or the 930. Whichever, whoever, uses. And haptic feedback hooks into different registry values on there for it. Maybe if we tried the updates for 1520. Or some other device. But it also doesn't work for spoofing the 950's ID. So I have my reservations about that.

    Anyways, here is what I discovered. And it gave me just a little bit of a glimmer of hope. If anyone could make anything out of it. I would be welcome. If you type in the Nokia Field Test code, ##3282#, it installs/unhides Samsung's ATIV SE diagnostic app. Under the header of Daignosis_Hur81. Which is the internal codename for the device. This is normally unavailable to us. And at this point I don't even know what we can do with it. But it brings up an onscreen keypad. Which has working onscreen haptic feedback. If we could somehow trace it back to where it hooks into for haptic feedback. We can have a better/clearer working understanding of the function, or lack thereof, for our Ativ devices.

    At least we have a working proof of concept now. That haptic feedback does work. In some form. Provided the right implementation.

    -- W
    08-14-2016 11:25 AM
  3. Jeemo's Avatar
    @Werentuckl, the Diagnosis app isn't useful to us once you've upgraded from 8.0 to 8.1. There was a vulnerability in the 8.0 version which allowed us to access the Samsung RPC (Remote Procedure Call) dll through it, but this was patched with the upgrade to 8.1. I haven't asked Wolf about this yet, but it's possible that his version of InteropUnlock for the SE uses a newly found vulnerability in the new Diagnosis app, but I am not sure. He may have found a vulnerability elsewhere. 5-6 months ago I sent him the original and updated versions of our Diagnosis app, in addition to all of our registry and provxml files that are used on a hard reset; the registry files are what his SE hack is based on, but I don't know if the new Diagnosis app is his method of implementation. Regardless, utilizing the Diagnosis tool requires an understanding beyond mine, and the only English-speaking people I know that could help are Wolf, Snickler, Titi, and a couple other people from XDA. Unfortunately, none of them have an Ativ SE, so they don't have much of an incentive to research such vulnerabilities.

    Edit: To clarify, using the Diagnosis app is simple; the codes for using it are all over XDA, and are also in some of our registry files (you can look through them in the InteropUnlock_SE pack if you don't have full system access on your SE). What's difficult is reverse engineering it to discover vulnerabilities, and then developing exploits for the vulnerabilities found.
    08-14-2016 02:12 PM
  4. Werentuckl's Avatar
    No, I understand what you're saying Jeemo. All I was saying was the observation that I noted. About the Diagnosis app still being able to demonstrate haptic feedback on our devices. Even in WM10. Whereas we don't see that being demonstrated anywhere else across the OS.

    But I appreciate the detailed and in-depth reply. :)

    -- W
    08-14-2016 02:49 PM
  5. rmabwing5's Avatar
    On my daily driver, running 10586, I somehow lost ATIV Beam. Is there any way of getting it back without restoring the phone?

    What actually happened, for clarity, is ATIV Beam stopped opening up, no apparent reason why, so I "Uninstalled" it. So, now I want to get it back.

    - RW
    08-14-2016 06:44 PM
  6. Werentuckl's Avatar
    Isn't ATIV Beam for data sharing RW? Yup. It opens up just fine here. With the NFC toggles and all. Same for when it was on 10585.

    If I have it correctly. We just need to repackage it into an APPX for you. Somehow. Off a working device. To sideload. Yes?

    -- W
    Last edited by Werentuckl; 08-14-2016 at 07:29 PM.
    08-14-2016 07:17 PM
  7. rmabwing5's Avatar
    Isn't ATIV Beam for data sharing RW? Yup. It opens up just fine here. With the NFC toggles and all. Same for when it was on 10585.

    If I have it correctly. We just need to repackage it into an APPX for you. Somehow. Off a working device. To sideload. Yes?

    -- W
    My initial thought is yes, we would have to repackage into an APPX. I just don't know how. I'll do some learning from our friend Google. Also, it's used to send things like pics, vids, docs, and music from one phone to another just by tapping.

    Thank you, friend.

    - RW
    08-14-2016 07:40 PM
  8. Jeemo's Avatar
    @Werentuckl Ah, I see what you're saying. The main reason vibration isn't working is because the package we download (for the Icon) points to the Lumia driver for the vibration motor (our phone uses the default driver from Qualcomm I believe, which is what Diagnosis points to). Re-enabling haptic feedback for the buttons is very possible, however, since it is a system action, it requires full system access to adjust that registry key permanently. Even the InteropUnlock that we have available doesn't have the necessary privileges for that. The only solution would be to adjust it in the install reg files (like OEMSettings.reg and the related provxmls), but this would require a hard reset to work. I can guarantee that I will have this working when I come up with a new tutorial (or ROM) for the device.

    @rmabwing5 the Ativ Beam package uses interopservices, so you would need InteropUnlock to deploy it (as well as a modified/third-party deployment tool). If someone were to repackage it as an appxbundle (which could be done in Visual Studio if someone were able to decompile the xap), you could deploy it on the device from Interop Tools (the version that was released a few days ago).

    Quick update: @krazyatom has offered me a generous deal on a Lumia Icon, which I will be putting my SIM card into once it arrives later this week. This means I'll be doing more intensive work on my SE. I will have a new tutorial to confirm, and will provide instructions for extra things such as permanent InteropUnlock. The first thing I'm doing with the SE will be getting admin command-line access via SSH (already capable on Lumias thanks to Interop Tools, and the Ativ S thanks to Snickler (which will be the basis of my process)). Once I have command-line access, I will be testing Wack0's SecureBoot exploit (he's releasing a mobile version of it this week), and related resources. Good things are coming. If the process to do all of this is easily reproducible via a tutorial, this will open new doors. One step closer to custom ROMs which are already interop-unlocked and ready to continue receiving OTA updates.
    08-14-2016 11:45 PM
  9. darrell reimer's Avatar
    I got confirmation from an MS agent regarding that. The Preview for Devs app has been pulled from the store. It seems that P4D's functions are merged into the Insider app - thus the old one was removed.

    Unfortunately, you can only install a xap manually when the app is still available on the store too. So you can't install the app unless it comes back to the store.

    Since all the apps listed have gone away, CustomWPSystem can't be used currently.
    I just reset one of my phones back to 8.0, then 8.1...and Preview for Developers was IN the Windows 8 store; I downloaded/installed and moved it to my SD card; then did all the usual processes/steps, and I'm now up and running 1607 14393.67
    08-15-2016 12:52 AM
  10. Werentuckl's Avatar
    What deal did you get for the Icon Jeemo? You did say very generous. Just curious. :)

    And I take it then, it's going to be a lot of working around to get RW's ATIV Beam back. Am I correct? My understanding was the same, that we would need to extract, decompile, and repackage the Appx as well. Over Visual Studio. What I did not know was that RW would need an InterOp Unlock too for it, to be able to deploy it. On an interesting note. XDA had some people working on an App extractor, or some such thing, over WP7 and/or WP8. Would hunting for something similar yield in any luck whatsoever? Also, the app shows up in the app store for me RW. I take it that it does not for you then?

    And Darrell, since you reset all the way back to WP8.0, can you confirm if there was a stock app by the name of WatchOn by Samsung installed? That was/is sadly the only app in the Windows Store capable of using/exploiting the IR blaster on our phones. I have been unable to locate it anywhere despite the best of my efforts.

    Ah, and now I finally understand the issue with vibration and haptic feedback. I had similar suspicions. But no concrete evidence or understanding of the cause behind it Jeemo. Now that I do, and that you've brought it up. I'm wondering if flashing a custom rom or developing one, would be a good idea or not, as there is already a working pathway to official upgrades. Does that make sense?

    -- W
    08-15-2016 10:39 AM
  11. darrell reimer's Avatar
    I lost brightness control from action center and in settings. had to reset :/
    14393.67
    Same with me; brightness is all wonky....
    08-15-2016 11:01 AM
  12. Werentuckl's Avatar
    I can testify to wonky brightness. On that note. I haven't hard reset once yet since Threshold. So there is that too. I've been waiting for RS RTM or official release to go down that route. So keeping my fingers crossed for that. Let's see what happens. :/

    -- W
    08-15-2016 11:57 AM
  13. Jeemo's Avatar
    Just a heads up, doing a hard reset on 14393 was without a doubt a good choice. It will fix those issues. You should wait until Anniversary Update is officially released to mobile (probably tomorrow), so you don't have to deal with registry editing.

    Darrell, yes, PfD is still in the store if your device is running 8.0. My new tutorial will not be using that, though, as Wolf's new hack utilizes apps that are built into the phone (and therefore have OEM-related capabilities, in addition to InteropServices). Also, his hack can be modified to be a permanent unlock (which will be part of the tutorial).

    Werentuckl, maybe not, I have a few more ideas for him. And regarding custom ROMs, I definitely think it's a good idea once we have a way of doing so. Permanent unlocks, capabilities completely removed (which gives access to all capabilities, essentially), removed bloat, replacing the built-in 8.0 apps with their win10 equivalent (like Facebook Beta, for example), as well as modifications that would prevent Insider upgrades from changing registry keys that point to the Samsung-specific drivers. More importantly, a tutorial that gets everyone the ability to flash a custom ROM will make future tutorials significantly easier. If everyone is running the custom ROM, then whoever is making the tutorial can assume that the most essential changes have already been made (such as interop unlock and capability unlock), therefore making the tutorial shorter and easier to comprehend.

    @rmabwing5 Here's the link for ATIV Beam in the store: http://forums.windowscentral.com/e?l...token=16RY9HpR
    It probably won't let you download it because the store thinks you have a Nokia Lumia Icon. If you change your registry values back to Samsung and SM-W750V, you should be able to download/install it from the store. Regardless, if all you need is NFC sharing, there are other apps in the store that are faster and have more features than ATIV Beam (including apps built for Windows 10). If you need to change your registry keys, enable developer mode in settings, and install Interop Tools from your phone. I'll link the newest version:
    https://t.co/7qOwVYd1Mb
    You need the file that ends with arm.appxbundle, as well as the dependencies folder. Enable developer mode in settings, navigate to the dependencies folder in file explorer, install the 4 dependencies 1 at a time (wait 30 seconds between installs), and then install the arm.appxbundle of Interop Tools.

    Just a quick note, Snickler's new method of getting a remote SSH command-line session working is being integrated into Gus' next version of Interop Tools (probably released this week). This will make the permanent unlock tutorial much easier.

    Edit: VCFan (who made one of the original registry editors for the Lumia RPC dll on 8.1/10) just left this note on XDA:
    "i may have found a way to get all privileges. i have code running now with mostly everything including SeTcbPrivilege"
    I assume his method requires the hack that's available for the Lumia RPC dll, however, once we have CMD access we should be able to make the same changes. There will be big steps forward for our phone over the next month. I'm pretty excited.
    Last edited by Jeemo; 08-15-2016 at 06:02 PM.
    08-15-2016 02:22 PM
  14. darrell reimer's Avatar
    What deal did you get for the Icon Jeemo? You did say very generous. Just curious. :)
    And Darrell, since you reset all the way back to WP8.0, can you confirm if there was a stock app by the name of WatchOn by Samsung installed? That was/is sadly the only app in the Windows Store capable of using/exploiting the IR blaster on our phones. I have been unable to locate it anywhere despite the best of my efforts.


    -- W
    Yes W; WatchON was installed!
    [Attached image: wp_ss_20160815_0001.jpg]
    08-15-2016 06:19 PM
  15. darrell reimer's Avatar
    I can testify to wonky brightness. On that note. I haven't hard reset once yet since Threshold. So there is that too. I've been waiting for RS RTM or official release to go down that route. So keeping my fingers crossed for that. Let's see what happens. :/

    -- W
    My brightness fixed itself after 3 phone restarts
    Quick question: has someone figured out the settings for fixing the tethering/mobile hotspot feature on our phones?
    08-15-2016 06:23 PM
  16. rmabwing5's Avatar
    My brightness fixed itself after 3 phone restarts
    Quick question: has someone figured out the settings for fixing the tethering/mobile hotspot feature on our phones?
    Darrell, I have instructions on the first page of this thread on how to enable hotspot. The Root Tool instructions are confirmed to work on my daily driver, but the WPH Tweaks have not. I can't try on my test phone because I don't have it hooked into a cell plan.

    - RW
    08-15-2016 07:16 PM
  17. darrell reimer's Avatar
    Darrell, I have instructions on the first page of this thread on how to enable hotspot. The Root Tool instructions are confirmed to work on my daily driver, but the WPH Tweaks have not. I can't try on my test phone because I don't have it hooked into a cell plan.

    - RW
    Thx!!

    Yes! It works; super; thanks RW!!!
    Last edited by darrell reimer; 08-15-2016 at 08:56 PM.
    08-15-2016 07:36 PM
  18. Werentuckl's Avatar
    Could you see if WatchOn still does anything Darrell? I'm curious now. :)

    -- W
    08-16-2016 12:20 AM
  19. darrell reimer's Avatar
    Could you see if WatchOn still does anything Darrell? I'm curious now. :)

    -- W
    I've tried a number of things, but keep getting this error:
    [Attached image: wp_ss_20160816_0001.jpg]
    08-16-2016 10:52 PM
  20. Jeemo's Avatar
    Alright, it's time for an update. I received the Icon earlier today, and it's finally fully set up to use as my daily driver. I just finished flashing my SE back to stock 8.0. Overnight I will be upgrading to 8.1.1, the slowest way possible. Each time there's a device update, I will let all apps finish updating before installing the device update. Once I get to 8.1.1 (and everything has updated), I will do a hard reset. Then I will let everything update again. This is the state that my device will be in when I start further testing tomorrow. Looking forward to going back down the rabbit hole.

    If you want to help with testing or if you are unable to upgrade to Windows 10, please make sure your device is in the same state as mine. PLEASE UNDERSTAND THAT IT WILL TAKE AN UNKNOWN AMOUNT OF TIME BEFORE I HAVE ANY TUTORIALS OR APPS FOR YOU TO TEST. DO NOT DO THIS IF YOU ARE EXPECTING TO HAVE SOMETHING TO TEST WITHIN THE NEXT WEEK. DO NOT DO THIS IF THE ATIV SE IS YOUR ONLY PHONE OR YOUR DAILY DRIVER. Whenever there is a mistake, or if something doesn't work, I have to go back to 8.0 and start again from scratch. That makes this a time-consuming project (thankfully most of that time is unattended installs/updates). Getting a new tutorial with or without a SecureBoot exploit can take anywhere from 2 days to 2 months. Use your own discretion.
    08-18-2016 01:58 AM
  21. darrell reimer's Avatar
    Hey guys - is there any way to get 'Glance Screen' working on our Ativ SE? I like how it works on my Lumia 830; on our Samsung phones, when I 'wake it up' to see the lock screen, if I don't touch anything, after about 3 seconds, the screen dims for just another second or two. Is there some way to keep this 'dimmed' lock screen alive?
    08-19-2016 06:52 PM
  22. rmabwing5's Avatar
    Okay guys, I now have Redstone on all my devices. If you follow my tutorial on the first page, you will end up getting Redstone now, build 14393.82. I'm updating my test phone to Redstone 2, build 14905.1000. I'm still on RP Ring on my daily driver and my wife's daily driver. My test phone is set to FR. I believe 10586 is now defunct. I will update it to reflect Redstone (1) and Redstone 2 but the only difference that I can see now is Redstone is on RPR and possibly SR and Redstone 2 is on FR.

    Jeemo, any ideas on how we should proceed with our tutorials?

    - RW
    08-20-2016 12:16 AM
  23. rmabwing5's Avatar
    Hey guys - is there any way to get 'Glance Screen' working on our Ativ SE? I like how it works on my Lumia 830; on our Samsung phones, when I 'wake it up' to see the lock screen, if I don't touch anything, after about 3 seconds, the screen dims for just another second or two. Is there some way to keep this 'dimmed' lock screen alive?
    Did you try downloading it in the Store?

    - RW
    08-20-2016 12:31 AM
  24. Jeemo's Avatar
    Jeemo, any ideas on how we should proceed with our tutorials?

    - RW
    You'll have to decide that for yourself. My tutorial will be including things that people won't want to do if they just want to get stable redstone, and it's going to be a couple weeks before I get anything written.

    Edit: Just read the new tutorial, looks great. Awesome organizing. Quick note, for the Windows 10 registry settings section, you should link to this as well:
    https://mega.nz/#F!iZMhSSzI!sGQy4V12ubfvT8Abm2Uo1g (he updates that link to the new version when he updates)
    Enable Developer Mode in settings, install the files in the arm dependencies folder 1 by 1 either on the phone or using Device Portal, install the main arm app. Blows away Root Tools and wphTweaks. I do understand that they already have those installed, but they should be using Interop Tools on 10.
    Last edited by Jeemo; 08-20-2016 at 03:35 AM.
    08-20-2016 03:08 AM
  25. Jeemo's Avatar
    Hey guys - is there any way to get 'Glance Screen' working on our Ativ SE? I like how it works on my Lumia 830; on our Samsung phones, when I 'wake it up' to see the lock screen, if I don't touch anything, after about 3 seconds, the screen dims for just another second or two. Is there some way to keep this 'dimmed' lock screen alive?
    Glance Screen (haven't tested myself, let us know):
    [App][Source] DHT Upgrade Advisor (Get redstone on old lumias) - Post #191
    I don't think the display type on the SE supports backlight to be controlled on individual pixels; it may use more battery.

    Double Tap To Wake (also not tested by myself):
    Windows phone 8, 8.1 & 10 registry hacks - Post #418

    Lockscreen dim, not sure. I added it to my to-do list though, I'll check it out when I get to deeper work.
    08-20-2016 03:16 AM