Goodbye S60 Platform Security, Hello CAPABILITIES!
Somebody asked about the .sisx file installation restrictions (aka Platform Security), so here's a similar solution for that. It's a similar hack to the midlet permissions one; please see the previous entry for how to run the updater first and where the image files end up.
The S60 image contains a policy file that enforces the capabilities and signatures required when installing applications. Luckily, it allows defining the user-granted permissions easily (it's all documented!). The actual offset of this SWIPOLICY.INI file varies, so this is not a complete solution (it does not take flash sector data into account, but you probably know better what you are doing).
At offset 28251550 of the image, the contents of "SWIPOLICY.INI" on my phone:
AllowUnsigned = false
MandatePolicies = false
MandateCodeSigningExtension = false
Oid = 1.2.3.4.5.6
Oid = 2.3.4.5.6.7
DRMEnabled = true
DRMIntent = 3
OcspMandatory = false
OcspEnabled = true
AllowGrantUserCapabilities = true
AllowOrphanedOverwrite = true
UserCapabilities = NetworkServices LocalServices ReadUserData WriteUserData UserEnvironment
AllowPackagePropagate = true
SISCompatibleIfNoTargetDevices = false
RunWaitTimeoutSeconds = 600
AllowRunOnInstallUninstall = false
DeletePreinstalledFilesOnUninstall = true
AlternativeCodeSigningOID = 1.3.6.1.4.1.94.1.49.1.2.2.1 1.3.6.1.4.1.94.1.49.1.2.2.5
PhoneTsyName = phonetsy
Note the UserCapabilities field. On my phone this fragment is exactly 648 bytes in size, so we have exactly that many bytes to fit our new policy.
First, extract the original text using dd (the famous Unix tool). Replace the skip offset and the byte count with suitable values:
dd if=phonemodel.C01 of=some.txt skip=28251550 bs=1 count=648
Next, edit the capabilities you want into the file. If you run out of space, see Symbian's documentation for the defaults; you might want to remove some entries. For reference, here are my own modest capabilities for self-signed executables - I chose to remove AlternativeBullshitOID (I have no idea what it does):
AllowUnsigned = false
MandatePolicies = false
MandateCodeSigningExtension = false
Oid = 1.2.3.4.5.6
Oid = 2.3.4.5.6.7
OcspMandatory = false
OcspEnabled = true
AllowGrantUserCapabilities = true
UserCapabilities = AllFiles DiskAdmin NetworkServices LocalServices ReadUserData WriteUserData ReadDeviceData WriteDeviceData UserEnvironment PowerMgmt MultimediaDD TrustedUI ProtServ NetworkControl SwEvent Location SurroundingsDD CommDD
AllowPackagePropagate = true
SISCompatibleIfNoTargetDevices = false
RunWaitTimeoutSeconds = 600
DeletePreinstalledFilesOnUninstall = true
PhoneTsyName = phonetsy
(padded to 648 bytes using empty lines)
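Verify that the result fits into 648 bytes (or whatever) and then insert it into the same spot in the ROM image. The conv=notrunc option is needed because dd otherwise truncates the output file right after the block it writes:
dd if=some.txt of=phonemodel.C01 seek=28251550 bs=1 count=648 conv=notrunc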
Finally, update the phone. After that, you should be getting many more capabilities with self-signing, actually more than you get with "standard" developer certificates. This even saves some $$$, because you don't have to buy ACS Bullshit ID to get these more "sensitive" capabilities.
I have verified this hack by compiling an EXE with all above capabilities, installing it in a self-signed sisx and checking RThread::HasCapability() for those capabilities. And don't worry, WE ARE CERTIFIED!
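The difference between the stock policy and the edited one shown above can be checked mechanically, which is also how a modified install policy would be spotted in an extracted image. This is an added example, not code from the original post: parse_policy and audit are names chosen here, the two fragments are abridged from the listings above, and one "key = value" entry per line is assumed.

```python
# Added example: diff a SWIPOLICY.INI fragment against a known-good baseline.
# STOCK and EDITED are abridged copies of the two listings in this post.
STOCK = """\
AllowUnsigned = false
Oid = 1.2.3.4.5.6
Oid = 2.3.4.5.6.7
AllowGrantUserCapabilities = true
UserCapabilities = NetworkServices LocalServices ReadUserData WriteUserData UserEnvironment
AllowRunOnInstallUninstall = false
AlternativeCodeSigningOID = 1.3.6.1.4.1.94.1.49.1.2.2.1 1.3.6.1.4.1.94.1.49.1.2.2.5
"""

EDITED = """\
AllowUnsigned = false
Oid = 1.2.3.4.5.6
Oid = 2.3.4.5.6.7
AllowGrantUserCapabilities = true
UserCapabilities = AllFiles DiskAdmin NetworkServices LocalServices ReadUserData WriteUserData ReadDeviceData WriteDeviceData UserEnvironment PowerMgmt MultimediaDD TrustedUI ProtServ NetworkControl SwEvent Location SurroundingsDD CommDD


"""

def parse_policy(text):
    """Return {key: [values]}; repeated keys (Oid) accumulate, padding lines are skipped."""
    policy = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep or not key.strip():
            continue  # blank padding or a line without '='
        policy.setdefault(key.strip(), []).extend(value.split())
    return policy

def audit(baseline, observed):
    """Report what the observed policy grants or drops relative to the baseline."""
    base, obs = parse_policy(baseline), parse_policy(observed)
    added = set(obs.get("UserCapabilities", [])) - set(base.get("UserCapabilities", []))
    return {
        "added_capabilities": sorted(added),
        "removed_keys": sorted(set(base) - set(obs)),
        "changed_keys": sorted(k for k in base.keys() & obs.keys()
                               if k != "UserCapabilities" and base[k] != obs[k]),
    }

if __name__ == "__main__":
    for field, items in audit(STOCK, EDITED).items():
        print(f"{field}: {' '.join(items) or '-'}")
```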