Accessing (and hacking) Windows Phone registry

ElevenPaths  30 December, 2013
Despite Microsoft’s efforts to secure Windows Phone 8 devices against community hacks, accessing the device’s registry is still possible, with some limitations. Writing to the registry is denied by default, but read permissions are quite lax.

First approach

When trying to read the registry, the first idea is probably to call the low-level Win32 registry API, importing the necessary functions declared in winreg.h. However, PInvoke/DllImport isn’t available in Windows Phone, so we would have to implement it from scratch. Needless to say, this breaks Microsoft’s requirements for submitting such an application to the Store.

Some research shows that much of the work has already been done and is available for public download in the “XDA Developers” forum. There is a project called “Native Access” by GoodDayToDie that does exactly this. However, compiling and using it is not straightforward, so we’ll give it a go and show how to do it.


Dependencies

The project’s source code can be downloaded from the following link: http://forum.xda-developers.com/showthread.php?t=2393243.

To get the referenced libraries needed for building the project, you need to convert the phone’s DLLs into .lib format (using, for example, dll2Lib, available from https://github.com/peterdn/dll2lib). The needed libraries are in the system32 directory, but the emulator’s libraries will not work on an actual phone, so you will need an image from a real device. There are ISO files available “out there”, so you can get and extract them easily.

Once done, you need to place the extracted .LIBs in the Libraries folder of the WP8 SDK (typically in Program Files (x86)\Microsoft SDKs\Windows Phone\v8.0\Libraries).

Problems compiling

If you have trouble compiling the code, there’s a shortcut: reference the .winmd file from an existing project that uses Native Access (WebAccess, for example). Just extract the XAP’s contents (a XAP is just a zip file) and search for “Registry.dll”, which is a precompiled version of the project.

Now we are ready to use the library and write code to search for some interesting keys in the registry. The class provides all of the necessary methods to access the registry: ReadDWORD, ReadString, ReadMultiString, ReadBinary, ReadQWORD, GetHKey, GetSubKeyNames, GetValues.


A real example

Here are the codes needed to access the different registry hives:

  • 80000000 -> HKEY_CLASSES_ROOT
  • 80000001 -> HKEY_CURRENT_USER
  • 80000002 -> HKEY_LOCAL_MACHINE
  • 80000003 -> HKEY_USERS
  • 80000004 -> HKEY_PERFORMANCE_DATA
  • 80000005 -> HKEY_CURRENT_CONFIG

Example code to access registry in Windows Phone 8

For some highly sensitive registry locations, or for writing or creating keys, you need to add special Capabilities to your app. This requires an interop-unlock, which has currently been achieved only on Samsung devices by taking advantage of Samsung’s “Diagnosis tool”.



Tero de la Rosa
tero@11paths.com
