next best geek

WP 7 Mango and ProtectedData – Reminder

Posted on Day 149 in 2011 by Tobias Mueller

Just a reminder for you folks out there: The new ProtectedData wrapper for DPAPI in WP 7 “Mango” Release won’t help you against guys who got phyisical access to your device.

It looks like ProtectedData uses the ProductID of the installed application as a key. The key will stay the same with updated versions of your application therefore you can just fake an application update and get access to even protected isolated storage content for free.

Please see attached VS2010 – WP7 “Mango” Release Sample file used as a Proof-Of-Concept. Steps for PoC:

Deploy & Start AppA
Click on “Write” Button, click on “Read” Button to make sure the current Time got written correctly
Stopp AppA (don’t uninstall it!)
Deploy & Start AppB (notice AppB replaced AppA in Windows Phone’s application launcher)
Click on “Read”
The shown data is the data written by AppA read from a completely different application.

And, yes, you have the possibility to add additional entropy but that does not solve the underlying problem. Entropy, as far as I understood it, will only help against clear-text or brute force attacks.

Sample solution: DPAPI

Posted in Uncategorized | Comments Off

First Marketplace app released ;)

Posted on Day 115 in 2011 by Tobias Mueller

Have just released my first marketplace app, yeaaahhhh.

More information: http://www.nextbestgeek.com/cheap-call-wp7/

Posted in Uncategorized | Comments Off

Version and compile date in about screen

Posted on Day 110 in 2011 by Tobias Mueller

Want to show your user version and compile date in your about box without always modifing them somewhere in your code? Here’s your answer.

Use the default project properties (right click on the project -> properties, select Application tab, click on Assembly Information…) to set version information. The star in Assembly Version is required as it is the magic part, that allows use to retrieve the compile date.

Continue reading →

Posted in .net, Windows Phone 7 | Tagged about, version, wp7 | Comments Off

Remove T-Mobile branding on Samsung Omnia 7 (partially)

Posted on Day 363 in 2010 by Tobias Mueller

Dear reader,

if you are part of the handful of users that use Internet Explorer on their Samsung Omnia 7 devices and are unsatisfied with the branded T-Mobile search, here is your solution. You can change between Bing and T-Mobile as search provider.

Technically the application changes the default search scope of Internet Explorer from TMO to BING or vice versa. This is possible with the help of a native Samsung DLL, therefore sideloading abilities (Chevron WP7) are required.

Download here: Click.

Continue reading →

Posted in .net, Windows Phone 7 | 1 Comment

Getting a more secure Windows Phone 7 app

Posted on Day 363 in 2010 by Tobias Mueller

Hi all,

FORWORD: Currently I do not have an application on the marketplace I can test the code with. I do NOT know if a real windows phone 7 will remove the WMAppPRHeader.xml file.

UPDATE1: Looks like the WMAppPRHeader.xml file does not get removed on the phone (confirmed with Windows\FileBrowser.exe on a real phone). Therefore this technique should work (30-Dec-2010 6:22PM).

UPDATE2: There is an ongoing discussion concerning this and other counter measures, please make sure that you see the discussion over at the app hub forum. (31-Dec 2010 0:50AM)

UPDATE3: The idea below is be no means a fix for the drm problem marketplace is facing. It is one idea out of many on how developers could make “pirating” less easy with the currently available toolset. (31-Dec 2010 0:56AM)

IDEA FOR POSSIBLE SOLUTION:

After the dust of the Proof-of-Concept (PoC) I’d provided to Daniel concerning the overall security of Microsoft’s WP7 Marketplace has settled a bit I want to follow up with an idea for a little code snippet which would make your app -in my opinion- a lot more secure:

Continue reading →

Posted in .net, Windows Phone 7 | 16 Comments

Samsung? No MMS? read on…

Posted on Day 345 in 2010 by Tobias Mueller

Dear reader,

after a long absence from blogging I am back.
This time we will give you your MMS capabilities on your Samsung Windows Phone 7 device back, even if you are not on one of the exclusive networks which were launch partner of Samsung.

Requirements:

Samsung WP7 device (Omnia 7, Focus)
Sideload capability on device (either via MS, $99/year, or ChevronWP7, free)

What this tool does:

Exactly like the original Samsung app “Network Profile” this little xap let’s you select the correct profile (APN, MMS, etc) for your network. In addition it allows you to enable “auto profile selection” even if this functionality is blocked by your provider. Auto selection requires just a restart. No reset required, never!

We did successful tests with this tool on the following networks: Swisscom and AT&T. Please leave a comment if you were also successful on a different network.

Here you can get it:

Click here (hosted on 2shared.com).

Screenshots (from an older version):

Bluethooth address and Sales Code was removed in the later version. Please use Samsung diagnostic to get this information.

Thanks to the ChevronWP7 guys. The guy who made the Network Profile xap available and all the other guys currently trying to find a way around the limited WP7 API.

Best regards,
-t

Posted in Personal | 9 Comments