×

Discussion Board

Page 1 of 2 12 LastLast
Results 1 to 15 of 17
  1. #1
    Registered User
    Join Date
    Nov 2006
    Location
    CO, USA
    Posts
    8

    SignHelper for Symbian Signed - check this out

    Hi, just wanted to share some information.
    These guys have done something interesting -
    www.maccent.com/signhelper.php

    Seems like the approach they propose suits our company's needs pretty well. We are going to release versions of our applications for S60 quite often and we use protected APIs extensively but we don't want to go through Symbian Signed certification for every release. Hope this helps.
    Last edited by Accentech; 2007-12-15 at 17:53.

  2. #2
    Nokia Developer Moderator
    Join Date
    Mar 2003
    Location
    Lempäälä/Finland
    Posts
    29,167

    Re: SignHelper for Symbian Signed - check this out

    Will not halp you at all...

    You still need to go through all aspects of the signing, for me it appears that they are basically "techning" you with a PDF material, on how to get it done. Never read the PDF, but there are free materials available on this site as well as in symbiansigned.com as well as quite many independent sites, so either use search facilities, or spend the money to get it combined on that PDF.

  3. #3
    Super Contributor
    Join Date
    Nov 2004
    Location
    Wiltshire, UK
    Posts
    3,644

    Re: SignHelper - check this out


  4. #4
    Nokia Developer Moderator
    Join Date
    Sep 2004
    Location
    Tampere, Finland
    Posts
    11,359

    Re: SignHelper - check this out

    Damn, yet another 100% natural capability enlargement system?
    -- Lucian

    If you are not yet a DVLUP member it is time to correct that mistake :) Click here to join: http://www.dvlup.com/lucian/Invite

  5. #5
    Registered User
    Join Date
    Nov 2006
    Location
    CO, USA
    Posts
    8

    Re: SignHelper - check this out

    Quote Originally Posted by Paul.Todd View Post
    We've purchased it and I can assure you it is not a rehash.
    They give a normal solution, not a hack. Customers, who want to install your apps, are not supposed to hack their phones' firmware.

    Quote Originally Posted by symbianyucca View Post
    Will not halp you at all...

    You still need to go through all aspects of the signing, for me it appears that they are basically "techning" you with a PDF material, on how to get it done. Never read the PDF, but there are free materials available on this site as well as in symbiansigned.com as well as quite many independent sites, so either use search facilities, or spend the money to get it combined on that PDF.
    It's not a combination of freely available materials. Try to do the same thing they offer, but using free materials
    Last edited by Accentech; 2007-12-16 at 16:49.

  6. #6
    Registered User
    Join Date
    Nov 2006
    Location
    CO, USA
    Posts
    8

    Re: SignHelper - check this out

    Quote Originally Posted by ltomuta View Post
    Damn, yet another 100% natural capability enlargement system?
    How about "limitation reducing system" ?

  7. #7
    Nokia Developer Moderator
    Join Date
    Sep 2004
    Location
    Tampere, Finland
    Posts
    11,359

    Re: SignHelper - check this out

    I don't know. Send me the product for review and I'll let you know if using it produces any measurable improvement and if there are any side effects.
    -- Lucian

    If you are not yet a DVLUP member it is time to correct that mistake :) Click here to join: http://www.dvlup.com/lucian/Invite

  8. #8
    Nokia Developer Moderator
    Join Date
    Feb 2006
    Location
    Oslo, Norway
    Posts
    28,673

    Re: SignHelper - check this out

    This thread is starting to become as mysterious as http://discussion.forum.nokia.com/fo...d.php?t=121508

  9. #9
    Registered User
    Join Date
    Dec 2007
    Posts
    1

    Exclamation Re: SignHelper

    First – it’s helpful to note that Symbian Signed's new Express Signed process addresses the two underlying issues that this approach is claiming to address, i.e.:
    • the signing process is a bottleneck to development, and
    • it is too expensive to re-sign upgrades to your application.


    In addition to this, we’ve looked into the proposed solution and have a couple of comments that developers and ISVs may find useful.

    The approach described is that ISVs should essentially separate their application into two pieces. First – a proxy server process that has all the necessary capabilities and makes calls to all protected APIs required by the application. Second – a UI process that has no capabilities and makes calls to this proxy server. The approach states that the UI application could then be upgraded without the need for re-signing as it has no capabilities.

    A concern that we’d like to highlight is that there is a real risk of 'capability leakage' (similar to 'Privilege escalation': http://en.wikipedia.org/wiki/Privilege_escalation) using this approach. Unless clients of your 'SignHelper' server are authenticated, a malicious third party application could take advantage of the open API exposed by your 'SignHelper' server to gain privileged access to system services (e.g. send SMSs). Obviously if such malware were found to be exploiting your application in such a way that harms device users (and damage your reputation), it would be necessary to revoke your application in order to block the malware, as the malware itself would not have been signed and couldn’t be revoked.

    Thanks
    Last edited by livendirect; 2007-12-19 at 11:43.

  10. #10
    Registered User
    Join Date
    Dec 2007
    Posts
    1

    Re: SignHelper

    Quote Originally Posted by livendirect View Post
    Unless clients of your 'SignHelper' server are authenticated, a malicious third party application could take advantage of the open API exposed by your 'SignHelper' server to gain privileged access to system services (e.g. send SMSs).
    Thank you for your comment.
    First of all we don't encourage developers to expose that API. It's supposed to be proprietary for every company. We don't see any reason why it should be shared with other developers as it's the part of companies' intellectual property.

    Though it's a good suggestion to authenticate clients of the 'SignHelper' server.

  11. #11
    Nokia Developer Moderator
    Join Date
    Mar 2003
    Location
    Lempäälä/Finland
    Posts
    29,167

    Re: SignHelper

    Hi mAccent, Could you really do a big favour and send a copy to itomuta, then we could get the real evaluations out from your "magic" system..

  12. #12
    Nokia Developer Moderator
    Join Date
    Feb 2006
    Location
    Oslo, Norway
    Posts
    28,673

    Re: SignHelper

    Quote Originally Posted by mAccent View Post
    First of all we don't encourage developers to expose that API. It's supposed to be proprietary for every company.
    It does not have to be shared, it can be cracked too, if you are not careful enough when implementing the proxy. The proxy has to identify the caller application in a non-bypassable way, and I am absolutely not sure if that is possible at all.

  13. #13
    Nokia Developer Moderator
    Join Date
    Mar 2003
    Location
    Lempäälä/Finland
    Posts
    29,167

    Re: SignHelper

    proxies, so the Big magic is to use Client-server architecture, so the client's woudln't be needed to be signed. Nothing new really, and there are client-server examples available in this forum already.

  14. #14
    Super Contributor
    Join Date
    Nov 2004
    Location
    Wiltshire, UK
    Posts
    3,644

    Re: SignHelper - check this out

    The problem with this approach is that it is in violation of the Symbian signed terms and conditions (at least for manufactuer set) and you risk having your company barred doing it.

    This is especially true for manufacturer set capabilities where you have to specifically agree to submit the final package with a certain amount of time for signing.

    I'm sure its not anyones intention to leak capabilties but there was a very illuminaing post either here or on Symbian where someone wanted to have their self signed application call a symbian signed server that would be signed with the location capabilty so anyone could get the location capability via self signing (ie the server was not properly protected to prevent other applications accessing it)

  15. #15
    Nokia Developer Moderator
    Join Date
    Feb 2006
    Location
    Oslo, Norway
    Posts
    28,673

    Re: SignHelper - check this out

    You mean this thread: http://discussion.forum.nokia.com/fo...d.php?t=121834.
    There is a slight difference, since Location capability is going to be user-grantable in forthcoming devices. This is not the case for most other caps.

Similar Threads

  1. S60 2nd to 3rd/ PlatformSecurity / Capabilities
    By jarkoos in forum Symbian Signed Support, Application Packaging and Distribution and Security
    Replies: 4
    Last Post: 2007-04-14, 14:08
  2. PIM API : how to check supported fields
    By arsllan in forum Mobile Java General
    Replies: 1
    Last Post: 2007-03-26, 11:58
  3. Showing check box on menu
    By Utk in forum Symbian
    Replies: 0
    Last Post: 2004-12-20, 07:52
  4. GSM/GPRS Drivers check FAILED
    By hblume in forum Multimodecards
    Replies: 3
    Last Post: 2004-01-28, 21:37
  5. SMS Msg using VB Application
    By gurup83 in forum General Messaging
    Replies: 2
    Last Post: 2002-07-11, 04:48

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
×