×

Discussion Board

Results 1 to 7 of 7
  1. #1
    Registered User
    Join Date
    Mar 2003
    Posts
    26

    How to grant any capability to self signed applications

    I wonder how Nokia would react to the fact that it is so easy to actually give ANY capabilty to an executable using standard tools that come with the SDK (please note: THIS IS NOT A HACK or CRACK)

    1) Create your application using any of the S60 3rd Edition SDK, using a UID grabbed from the unprotected range (see: http://www.symbiansigned.com to have yours allocated)
    2) Compile for GCCE/ARMV5
    3) Before packing your application into SIS use this command for every EXE/DLL that your application is composed of:

    elftran -capabilities [capabilties set] drive:\sdkpath\yourapp.exe

    i.e.:

    elftran -capabilities WriteUserData+AllFiles+TCB S:\Symbian\9.1\S60_3rd_MR\Epoc32\release\GCCE\UREL\myApp.exe

    Remember to grant same capabilities to all your application components (DLLs, plugins etc). that composes the app not just the main exe, otherwise it won't work

    4) Create you own self certificate with makekeys
    5) Create the SIS file with makesis
    6) Sign the SIS using your self certificate

    Install.... even if the user will be still adviced that he/she is installing an application from an untrusted source, once done, the application has access to everything, even to manufacturer granted only capabilities (I'm sure you have already noticed the TCB and AllFiles I have put in the example).

    If I knew it before, this would have saved me around 12.000 $US in signing fees, counteless days waiting for something to be tested and a lot of frustation.

    Cheers,
    Lev

  2. #2
    Nokia Developer Moderator
    Join Date
    Feb 2006
    Location
    Oslo, Norway
    Posts
    28,567

    Re: How to grant any capability to self signed applications

    Yeah, however it is more "powerful" if you simply put
    Code:
    CAPABILITY All
    into the .mmp file.
    It might be a tiny problem that your code will never run, but who cares :-)

  3. #3
    Registered User
    Join Date
    Mar 2003
    Posts
    26

    Re: How to grant any capability to self signed applications

    Quote Originally Posted by wizard_hu_ View Post
    Yeah, however it is more "powerful" if you simply put
    Code:
    CAPABILITY All
    into the .mmp file.
    It might be a tiny problem that your code will never run, but who cares :-)
    You should probably read this one before laughing too loud:

    http://www.symbaali.info/


    Cheers,
    Lev

  4. #4
    Super Contributor
    Join Date
    May 2003
    Location
    Vancouver, Canada
    Posts
    985

    Re: How to grant any capability to self signed applications

    This is really strange.

    In which devices are you testing this? I cannot install SISX that has manufacturer capabilities signed with self-signed certificate to my device. It always says "Required application access not granted" -> and I think this it the right behavior.

    Are you using one of the prototype devices? I know that some prototype devices disable Platform Security.

    Also, even if you are able to install the SISX files, are you able to call any APIs that have manufacturer capabilities?
    Antony Pranata
    http://www.antonypranata.com/
    http://www.s60tips.com/

  5. #5
    Super Contributor
    Join Date
    May 2003
    Location
    Vancouver, Canada
    Posts
    985

    Re: How to grant any capability to self signed applications

    Quote Originally Posted by Leviathan2040 View Post
    You should probably read this one before laughing too loud:

    http://www.symbaali.info/


    Cheers,
    Lev

    The one in symbaali.info requires "special firmware modification". I believe he disables Platform Security on this special firmware.
    Antony Pranata
    http://www.antonypranata.com/
    http://www.s60tips.com/

  6. #6
    (Retired) Nokia Developer Admin.
    Join Date
    Jan 2006
    Location
    Michigan
    Posts
    4,664

    Re: How to grant any capability to self signed applications

    Hi Lev,

    This is just an initial statement to let you know we are taking action.

    Nokia is aware of the claims presented in Symbaali.info and we are currently investigating the issue. Nokia takes all security issues seriously. We are determined to be active in the development of security controls and preventive measures.

    Ron

  7. #7
    Nokia Developer Moderator
    Join Date
    Feb 2006
    Location
    Oslo, Norway
    Posts
    28,567

    Re: How to grant any capability to self signed applications

    Sorry, I just have not found this thread in the last few days - probably it was quarantined. However note that "Exploring S60 with AllFiles" entry is not independent from "Goodbye S60 Platform Security, Hello CAPABILITIES!":
    Symbian Signed says they won't accept any file explorer tools with AllFiles capabilities. As a result of firmware modification, they really don't need to do that, we can self-sign those!
    So it is obviously possible to hack the firmware updater, and the firmware itself, but this approach is only a devcert-replacement. You cannot expect customers to all hack their devices.
    If I knew it before, this would have saved me around 12.000 $US in signing fees, counteless days waiting for something to be tested and a lot of frustation.
    I do not know, do you really pay for every single occasion when you sign something with your devcert???

Similar Threads

  1. platformRequest and signed applications
    By canard_42 in forum Mobile Java General
    Replies: 4
    Last Post: 2007-06-28, 22:14
  2. S60 2nd to 3rd/ PlatformSecurity / Capabilities
    By jarkoos in forum Symbian Signed Support, Application Packaging and Distribution and Security
    Replies: 4
    Last Post: 2007-04-14, 14:08
  3. symbian signed applications: how must does it cost?
    By sgalmeida in forum Symbian C++
    Replies: 2
    Last Post: 2007-01-26, 04:30
  4. Problems installing applications with MMS Capability
    By pmgf_14 in forum Mobile Java Networking & Messaging & Security
    Replies: 3
    Last Post: 2006-11-10, 19:42

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •