PocketMatrix

Mobile device developer community
http://pocketmatrix.com/forums/

Orange Smartphone App Signing Cracked

http://pocketmatrix.com/forums/viewtopic.php?f=5&t=9406

Page 1 of 1

Orange Smartphone App Signing Cracked

PostPosted: Jan 15, 2003 @ 12:28am
by Dan East
Some very simple techniques have been discovered to allow the Orange SPV Smartphone to run unsigned applications. Basically it involves making a couple minor changes to an xml file, hard resetting the phone, and tricking ActiveSync into allowing you to copy the modified files to the phone before the PIN is entered.

Obviously this requires modification to the client's phone, as opposed to the 3rd party applications themselves. At the very least it provides a method of using the hardware for software development.

The specifics are in this large thread:
http://www.modaco.com/smartphone/viewtopic.php?t=1899

Dan East

PostPosted: Jan 15, 2003 @ 4:20am
by sponge
Dan: Changing the XML file, and letting it go for 15 minutes are 2 different techniques. The former allows the Orange settings to stay on the phone, while the latter does not, it simply takes advantage of a bug (more like a logic flaw?) that keeps the user as manager, until the XML file is parsed. But otherwise, your right.

By the way, the PIN timeout seems to only work on certain devices from certain regions, worthy of nothing.

PostPosted: Jan 15, 2003 @ 5:01am
by angedelamort
Now that I'm thinking about that, The only persons who may want to hack it, are developpers lol. How ironical.

By the way, anyone heard about a new SM distributor in America? The last one (Sendo) sue M$ right now. Sendo will now use Symbian OS on their hardware like the Nokia.

PostPosted: Jan 15, 2003 @ 5:52am
by Dan East
Sponge, I was referring only to the first technique. The second appears to only work for French phones, and requires reconfiguring much of the phone manually.

angedelamort, I think there will be a very large number of regular consumers performing this modification. Several games have already been demonstrated to play fine on that hardware after the signing restriction has been removed.

Dan East

PostPosted: Jan 15, 2003 @ 10:01am
by Arisme

PostPosted: Jan 16, 2003 @ 2:14am
by Mike Wagstaff

PostPosted: Jan 16, 2003 @ 10:55am
by Arisme

PostPosted: Jan 17, 2003 @ 12:22am
by Mike Wagstaff

PostPosted: Jan 17, 2003 @ 12:40am
by randall

PostPosted: Jan 17, 2003 @ 7:40pm
by sponge
I agree with Mike (and I guess randall) here.. threat to cell phones! And this is a threat because..? Last I checked, a webpage, or other Smartphone-specific piece of data can't unlock the phone and start a virus. So where does rogue come into this?

I can understand flooders (though why a PC flooder ISN'T an evil horrible terrorist threat can't just be used is beyond me) but this article was bad- even for news.com
All times are UTC [ DST ]
Page 1 of 1
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
http://www.phpbb.com/