After some initial trouble, I managed to get the Symbian 9.2 Platform Security hack working on my N95 with 20.0.015 firmware. It does work fine, as long as you don’t reboot the phone, as you can see in these screenshots:
Hack is already done with Python script + AppTRK. Now I open Dr Jukka’s Y-Browser
Copying C:\Python\ball.py to the clipboard.
Pasting ball.py in C:\sys\bin. Ouch!
For those not familiar with the Symbian operating system, C:\sys\ and folders below are data caged (protected) folders that can only be read by applications given AllFiles capability (through Symbian Signed, with Platform Approval) and can only be written to by software with TCB capability, which needs to be approved by the manufacturer.
Y-Browser application does not have such advanced capabilities, since it’s signed with a self-signed certificate. Nevertheless, it can read from and write to C:\sys\bin, therefore gaining the possibility of copying any executable file into this directory, bypassing the installer and compromising the system.
The same blogger who unveiled the hack has now posted a guide on installing unsigned applications with the help of a file browser (hard way) and a Python script (easy way), thus allowing any application to have full capabilities, including the advanced ones I explained above.
As I said in my previous post, I do not recommend anybody to install untrusted applications this way, as those can potentially wipe out the entire file system, record phone calls, use the network in some nasty ways, causing you a lot of headache and possibly huge money losses (can you imagine a ‘nice’ app shooting 5 SMS messages a second? Man that’s gonna be a big bill). While I admit it’s a remarkable job by the hacker community, I still advise people to stick to signed applications, if they wanna stay away from viruses and malware.
© 2008 Daniel Rocha
3 responses so far ↓
1 Mr-X // Apr 2, 2008 at 8:53 am
Hi Daniel,
I see that you’re enjoying the hacks! Just to let you know, it is now possible to install unsigned apps with custom certs that give the applications full capabilities. Both ways of hacking the phone can now be made PERMANENT.
I was wondering…How big of an annoyance is this for the guys and gals over there? Also, do you know any info about the upcoming V20 firmware for the N95 8GB…was it created just to ‘plug the hole’ in s60 firmware?
By the way, do you know what combo memory is?
I’d be glad if you can answer any of my questions!
2 Croozeus // Apr 2, 2008 at 10:52 pm
Well surely I would stick to the signed apps.
It would be interesting to know what Nokia does on this.
3 F.Z // Sep 18, 2008 at 2:14 pm
Hello guys
Are you interesting on symbian moap system hack? Its a well paid work. contact me if you can do it. chukto834 at gmail.com
Leave a Comment