Author Topic: Accessing filesystem using bluetooth and OBEX  (Read 14087 times)
Tonglebeak
Newbie
*
Posts: 23


View Profile
« on: December 29, 2009, 02:22:51 PM »

Just wanted to let you guys know that it's in progress...I'm so tired of being chained to what the phone came with from the factory, so it's time to get it on.

I currently have been able to make a directory in the filesystem. It seems the structure, as far as where "Other Files" is, is /Media/Other Files. Here's a folder structure of what I have so far for /

<!DOCTYPE folder-listing SYSTEM "obex-Folder-listing.dtd">
<folder-listing version="1.0">
<parent-folder />
<file name="RecMngr.bin" size="3145728" />
<file name="drm_bind_id.dat" size="16" />
<file name="VcuReg.bin" size="35596" />
<folder name="DM" />
<folder name="DRM" />
<folder name="Pso" />
<folder name="Pxo" />
<folder name="Media" />
<folder name="Obigo" />
<folder name="Modules" />
<folder name="testrw" />
</folder_listing>

I'm pretty sure there's nothing higher up than that. If there is, it's completely shut off, but I highly doubt that there's anything higher. The "testrw" folder was my test to see if we had write access to that folder, and sure enough write access is there for us. So we have read-access, write access...things are opening up. Time to find where the java apps are at so I can try deleting them to see what happens.

Oh, and yes, these phones are capable of FOTA. I took a gif file off the phone that you would actually see on your phone if you were to do a FOTA update (which doesn't appear to be supported by ATT at this time).



Here's a scary thing: /Obigo/brs/private_data.dat stores a file that lists every search term you've ever entered into the built-in browser.
« Last Edit: December 29, 2009, 02:37:18 PM by Tonglebeak » Logged
Tonglebeak
Newbie
*
Posts: 23


View Profile
« Reply #1 on: December 29, 2009, 06:28:09 PM »

Here's the att.pol file (may vary slightly from your phone):

Code:
#################################################################################
# [Korean comment text garbled in extraction] Security Policy ... ('#', ';', '/')
#################################################################################

//------------------------------ Network Policy ------------------------------
alias: HTTP_HTTPS
 javax.microedition.io.Connector.http,
 javax.microedition.io.Connector.https

alias: SSL
 javax.microedition.io.Connector.ssl

alias: Comm_Connectivity
 javax.microedition.io.Connector.comm

alias: Datagram
 javax.microedition.io.Connector.datagram,
 javax.microedition.io.Connector.datagramreceiver

alias: Socket
 javax.microedition.io.Connector.socket,
 javax.microedition.io.Connector.serversocket

alias: SIP
 dummy

alias: Push
 javax.microedition.io.PushRegistry

//------------------------------ PIM Policy ------------------------------
alias: PIM
 javax.microedition.pim.ContactList.read,
 javax.microedition.pim.EventList.read,
 javax.microedition.pim.ToDoList.read,
 javax.microedition.pim.ContactList.write,
 javax.microedition.pim.EventList.write,
 javax.microedition.pim.ToDoList.write
 
//------------------------------ File Policy ------------------------------
alias: FILE
 javax.microedition.io.Connector.file.read,
 javax.microedition.io.Connector.file.write

//------------------------------ Message Policy ------------------------------
alias: SMS
 javax.microedition.io.Connector.sms,
 javax.wireless.messaging.sms.send,
 javax.wireless.messaging.sms.receive

alias: CBS
 javax.microedition.io.Connector.cbs,
 javax.wireless.messaging.cbs.receive

alias: MMS
 javax.microedition.io.Connector.mms,
 javax.wireless.messaging.mms.send,
 javax.wireless.messaging.mms.receive

//------------------------------ Bluetooth Policy ------------------------------
alias: Bluetooth
 javax.microedition.io.Connector.bluetooth.client,
 javax.microedition.io.Connector.bluetooth.server,
 javax.microedition.io.Connector.obex.client,
 javax.microedition.io.Connector.obex.server

//------------------------------ SIM Policy ------------------------------
alias: SIM
 dummy

//------------------------------ Location Policy ------------------------------
alias: Location
 javax.microedition.location.Location,
 javax.microedition.location.Orientation,
 javax.microedition.location.ProximityListener,
 javax.microedition.location.LandmarkStore.read,
 javax.microedition.location.LandmarkStore.write,
 javax.microedition.location.LandmarkStore.category,
 javax.microedition.location.LandmarkStore.management

//------------------------------ Record Control Policy ------------------------------
alias: Record_Control
 javax.microedition.content.ContentHandler,
 javax.microedition.media.control.RecordControl,
 javax.microedition.media.control.VideoControl.getSnapshot

//------------------------------------------------------------------------------------
domain: C=US;O=Cingular Wireless, LLC;CN=Cingular Trusted Root CA
type: operator
allow: HTTP_HTTPS
allow: Comm_Connectivity
allow: SSL
allow: Datagram
allow: Socket
allow: SIP
allow: Push
allow: PIM
allow: FILE
allow: SMS
allow: CBS
allow: MMS
allow: Bluetooth
allow: SIM
allow: Location
allow: Record_Control

domain: C=US;O=Cingular Wireless, LLC;CN=Cingular Preferred Root CA
type: operator
blanket(oneshot): HTTP_HTTPS
blanket(oneshot): Comm_Connectivity
blanket(oneshot): SSL
blanket(oneshot): Datagram
blanket(oneshot): Socket
blanket(oneshot): SIP
blanket(oneshot): Push
blanket(oneshot): PIM
blanket(oneshot): FILE
blanket(oneshot): SMS
blanket(oneshot): CBS
blanket(oneshot): MMS
blanket(oneshot): Bluetooth
blanket(oneshot): Record_Control

domain: C=US;O=Unified Testing Initiative (UTI);CN=GeoTrust CA for UTI
//type: 3rd-party
session(oneshot): HTTP_HTTPS
session(oneshot): SSL
session(oneshot): Datagram
session(oneshot): SMS
session(oneshot): MMS
session(oneshot): Comm_Connectivity
session(oneshot): Bluetooth
session(oneshot): Push
session(oneshot): Record_Control

domain: C=ZA;S=Western Cape;L=Cape Town;O=Thawte Consulting cc;OU=Certification Services Division;CN=Thawte Premium Server CA;E=premium-server@thawte.com
//type: 3rd-party
session(oneshot): HTTP_HTTPS
session(oneshot): SSL
session(oneshot): Datagram
session(oneshot): SMS
session(oneshot): MMS
session(oneshot): Comm_Connectivity
session(oneshot): Bluetooth
session(oneshot): Push
session(oneshot): Record_Control

domain: C=US;O=VeriSign, Inc.;OU=Class 3 Public Primary Certification Authority
//type: 3rd-party
session(oneshot): HTTP_HTTPS
session(oneshot): SSL
session(oneshot): Datagram
session(oneshot): SMS
session(oneshot): MMS
session(oneshot): Comm_Connectivity
session(oneshot): Bluetooth
session(oneshot): Push
session(oneshot): Record_Control

domain: C=KR;O=LG Electronics;CN=CA, LG Electronics for Trusted Domain
//type: manufacture
blanket(oneshot): HTTP_HTTPS
blanket(oneshot): Comm_Connectivity
blanket(oneshot): SSL
blanket(oneshot): Datagram
blanket(oneshot): Socket
blanket(oneshot): SIP
blanket(oneshot): Push
allow: PIM
allow: FILE
session(oneshot): SMS
session(oneshot): CBS
session(oneshot): MMS
blanket(oneshot): Bluetooth
session: SIM
oneshot: Location
session(oneshot): Record_Control

domain: C=KR;O=LG Electronics;CN=CA, LG Electronics for Developer
type: operator
allow: HTTP_HTTPS
allow: Comm_Connectivity
allow: SSL
allow: Datagram
allow: Socket
allow: SIP
allow: Push
allow: PIM
allow: FILE
allow: SMS
allow: CBS
allow: MMS
allow: Bluetooth
allow: SIM
allow: Location
allow: Record_Control

domain: untrusted
oneshot: HTTP_HTTPS

I'm going to modify it and let you know if I can get things to happen as far as not being bugged about data access EVERY DAMN CLICK.
Logged
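
Added example, not part of the original post or of the phone's software: a small Python audit of the att.pol format shown above that lists which signer domains receive a given permission with no user prompt. The function names, the reading of `mode(default)` entries, and treating '#', ';' and '/' as comment starters (taken from the file's header line) are assumptions; the embedded sample is a shortened excerpt of the posted file.

```python
import re
# Shortened excerpt of the att.pol posted above (same syntax, fewer entries).
SAMPLE = """\
alias: FILE
 javax.microedition.io.Connector.file.read,
 javax.microedition.io.Connector.file.write
alias: HTTP_HTTPS
 javax.microedition.io.Connector.http,
 javax.microedition.io.Connector.https
domain: C=KR;O=LG Electronics;CN=CA, LG Electronics for Developer
type: operator
allow: HTTP_HTTPS
allow: FILE
domain: C=KR;O=LG Electronics;CN=CA, LG Electronics for Trusted Domain
//type: manufacture
blanket(oneshot): HTTP_HTTPS
allow: FILE
domain: untrusted
oneshot: HTTP_HTTPS
"""

# Assumption: "mode(default)" = highest mode (default mode); only "allow" is prompt-free.
RULE = re.compile(r"^(allow|blanket|session|oneshot)(?:\((\w+)\))?:\s*(\w+)$")

def parse_policy(text):
    """Return (aliases, domains): alias -> permissions, domain -> {alias: (mode, default)}."""
    aliases, domains, alias, domain = {}, {}, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;/":        # comment or blank line
            continue
        key, _, value = line.partition(":")
        if key == "alias":
            alias, domain = value.strip(), None
            aliases[alias] = []
        elif key == "domain":
            domain, alias = value.strip(), None
            domains[domain] = {}
        elif domain is not None and (m := RULE.match(line)):
            domains[domain][m.group(3)] = (m.group(1), m.group(2))
        elif alias is not None:                  # permission name listed under an alias
            aliases[alias].append(line.rstrip(","))
    return aliases, domains

def silent_grants(text, permission):
    """Domains whose signed MIDlets get `permission` without any user prompt."""
    aliases, domains = parse_policy(text)
    groups = {a for a, perms in aliases.items() if permission in perms}
    return sorted(d for d, rules in domains.items()
                  if any(rules.get(g, ("", None))[0] == "allow" for g in groups))
```

Running `silent_grants` over the full posted file with a permission such as `javax.microedition.io.Connector.file.write` shows which certificate roots can sign a MIDlet that reads and writes files without the user ever being asked.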
bhiga
Administrator
Hero Member
*****
Posts: 848


View Profile
« Reply #2 on: December 30, 2009, 06:10:11 PM »

Hopefully you've made more progress than I did?

I wouldn't overwrite the policy file...

Oh yeah, BE VERY CAREFUL NOT TO DELETE ANYTHING as you can't put it back where it belongs - unless you've found a way to write files directly to a specific location without the phone moving it.
Logged

--Brandon
LG GR500 Xenon: The Better Manual - get it here
Carrier: AT&T
Data cable: LG-DLC100
Platforms: XP Pro 32-bit, Windows 7 Pro 64-bit
Phone: LG Xenon (GR500) - Black
Tonglebeak
Newbie
*
Posts: 23


View Profile
« Reply #3 on: December 30, 2009, 06:18:40 PM »

I ended up deleting the att.pol last night. No harmful effects have resulted. After reinstalling opera mini, I only get the data access nag once after I open up opera, and that's it. I can surf away with no more nags.

I'm currently working with the openobex group to hammer out some bugs, hopefully. I can mount the filesystem using FUSE, but there's a bug on the openobex side that'll need resolved first.

https://sourceforge.net/projects/openobex/forums/forum/27861

Also, I'm going to pull the binary file that I _think_ is handling the obex requests on the phone, and try to decompile it to see if there's perhaps a special header that needs sent, or whatnot.
« Last Edit: December 30, 2009, 06:24:48 PM by Tonglebeak » Logged
Tonglebeak
Newbie
*
Posts: 23


View Profile
« Reply #4 on: December 30, 2009, 08:02:11 PM »

Ok, I'm seriously pissed now. This phone keeps track of EVERYTHING it seems. Messages that have long been deleted, are still stored in RecMngr.bin. I crapped myself when I saw seriously old text messages with corresponding phone numbers in it.

What the hell is this, big brother?
Logged
curlefry
Newbie
*
Posts: 36



View Profile Email
« Reply #5 on: December 31, 2009, 11:33:18 PM »

Ok, I'm seriously pissed now. This phone keeps track of EVERYTHING it seems. Messages that have long been deleted, are still stored in RecMngr.bin. I crapped myself when I saw seriously old text messages with corresponding phone numbers in it.

What the hell is this, big brother?

That really pisses me off, they only give us room for ~100 texts even though it's blatantly keeping them...thank you for your hard work Tonglebeak, I really appreciate it since I don't understand this phone mumbo-jumbo.
Logged

Remember to read through your or I recommend highly The BETTER Manual!! thx to bhiga.
justin121994
Newbie
*
Posts: 5


View Profile Email
« Reply #6 on: January 01, 2010, 06:59:48 PM »

That's really pissing me off that it saves all the texts.
Have you found a way to take off the limit for texts?
Logged
Tonglebeak
Newbie
*
Posts: 23


View Profile
« Reply #7 on: January 02, 2010, 10:33:52 AM »

Still working on it. As of now I'm waiting on a bugfix on openobex's side, so I can proceed further.

I've also found that RecMngr.bin has a list of every single URL I've ever visited using Obigo (the built-in browser). This phone ticks me off more and more.

I've also tried accessing the filesystem with Virtual Sim enabled, but the phone completely refuses to do anything (response code of 43 from the phone, which means "Forbidden".) Not sure if there's a way to override that currently, will definitely work on it though.

Another possibility is modifying the headers sent using the obex protocol. If we absolutely cannot find a way around the phone's "best-guess file placement", then perhaps sending false headers will trick it into placing files where we want to. I am definitely going to work on that as well. Will keep everyone up to date.
« Last Edit: January 02, 2010, 10:36:02 AM by Tonglebeak » Logged
Whoracle
Newbie
*
Posts: 18


View Profile
« Reply #8 on: January 02, 2010, 05:55:53 PM »

Great job mate
Logged
max13
Newbie
*
Posts: 1


View Profile
« Reply #9 on: January 03, 2010, 05:24:02 PM »

Great job, I am glad to see that there is still hope.
Logged
Whoracle
Newbie
*
Posts: 18


View Profile
« Reply #10 on: January 12, 2010, 06:53:03 PM »

I ended up deleting the att.pol last night. No harmful effects have resulted. After reinstalling opera mini, I only get the data access nag once after I open up opera, and that's it. I can surf away with no more nags.

I'm currently working with the openobex group to hammer out some bugs, hopefully. I can mount the filesystem using FUSE, but there's a bug on the openobex side that'll need resolved first.

https://sourceforge.net/projects/openobex/forums/forum/27861

Also, I'm going to pull the binary file that I _think_ is handling the obex requests on the phone, and try to decompile it to see if there's perhaps a special header that needs sent, or whatnot.

Tongle mate could you guide me on how you accessed the file system? And how you deleted the policy file, I have a Rogers phone and it's restricting Java apps to be installed from the web browser only, and installed applications don't have access to any file on the phone / memory card.

Cheers mate
Logged
«ammar»
Newbie
*
Posts: 11


View Profile Email
« Reply #11 on: January 12, 2010, 07:25:48 PM »

im just gonna say that u might not wanna do any of ur hacks with bluetooth connection
because some of the files u send might lose some information along the way and ur connection might disable causing ur phone to be bricked
Logged
Whoracle
Newbie
*
Posts: 18


View Profile
« Reply #12 on: January 12, 2010, 08:20:22 PM »

I just connected to my phone using OBEX Commander (Has a user-friendly interface, you might want to check it out). The phone connects successfully and drivers install successfully, except it gets stuck on "Retrieving Folders" then it fails, and it disconnects.
Logged
«ammar»
Newbie
*
Posts: 11


View Profile Email
« Reply #13 on: January 13, 2010, 01:23:23 PM »

if u guys hav a data cable then u can connect ur phone to the data cable then install the lg usb modem driver
it might work
then u guys might be able to try to connect to efs
Logged
bhiga
Administrator
Hero Member
*****
Posts: 848


View Profile
« Reply #14 on: January 13, 2010, 01:52:57 PM »

Note: Java application permissions are defined (and somehow stored) at install, so deleting the att.pol may not affect currently-installed applications, but I'm curious to know if you can install something new and if it works OK.
Logged

--Brandon
LG GR500 Xenon: The Better Manual - get it here
Carrier: AT&T
Data cable: LG-DLC100
Platforms: XP Pro 32-bit, Windows 7 Pro 64-bit
Phone: LG Xenon (GR500) - Black