Author Topic: Let the hacking BEGIN! (Filesystem access achieved!)  (Read 27978 times)
bhiga
Administrator
Hero Member
*****
Posts: 848


« Reply #15 on: November 18, 2010, 12:35:12 PM »

The standard "home" directory for OBEX access is virtual.  It's actually a filtered view of what exists in the real /Media folder.

So, technically you're already in /Media

I posted a filesystem map for the AT&T-branded firmware a while back.  The Fido/Rogers/Telstra versions will likely have slight differences, but the core structure should be the same.

--Brandon
LG GR500 Xenon: The Better Manual - get it here
Carrier: AT&T
Data cable: LG-DLC100
Platforms: XP Pro 32-bit, Windows 7 Pro 64-bit
Phone: LG Xenon (GR500) - Black
guitaraddict4791
Newbie
*
Posts: 12


« Reply #16 on: November 20, 2010, 01:54:28 AM »

I'm psyched for this!
This is perfect timing really. God just told my BlackJack II to die, and I just got a new spring for my Xenon, so it's been resurrected, and I have my upgrade at the end of November, so I'm willing to work on themes and whatnot.

My only problem is, my laptop is a combination of so many different old laptops (computers break, so I put them together to save money) and I don't have Bluetooth yet.

If someone would be willing to get the filesystem off their AT&T Xenon, upload it somewhere, and give me a link, I'd be happy to start crunching down and setting it up.


PS...I got the firmware update for May today....what did they change?
bhiga
Administrator
Hero Member
*****
Posts: 848


« Reply #17 on: November 21, 2010, 07:16:10 PM »

No idea what changed in the May update, I think they might've fixed the bug with the initial SIM contact import, but haven't been motivated enough to check...

--Brandon
LG GR500 Xenon: The Better Manual - get it here
Carrier: AT&T
Data cable: LG-DLC100
Platforms: XP Pro 32-bit, Windows 7 Pro 64-bit
Phone: LG Xenon (GR500) - Black
askies
Administrator
Newbie
*****
Posts: 19



« Reply #18 on: February 02, 2011, 01:54:13 AM »

Just found out that MyPhoneExplorer can browse the filesystem through Bluetooth serial on Windows SP3 on the Windows BT stack. You just need to press the "Create new folder" button and type in ".." as the folder name. Same 4 directory limit. Uploading doesn't seem to work. Regardless of upload ability, the sync function looks like a good way to download most of the filesystem faster.

LG Xenon GR500FD from Fido - No longer used.
bhiga
Administrator
Hero Member
*****
Posts: 848


« Reply #19 on: February 03, 2011, 05:32:48 PM »

Oooh, good tip.  Does it get past the 4-subfolder limit, or does it error out trying to get to say, ../Media/java/cert ?

--Brandon
LG GR500 Xenon: The Better Manual - get it here
Carrier: AT&T
Data cable: LG-DLC100
Platforms: XP Pro 32-bit, Windows 7 Pro 64-bit
Phone: LG Xenon (GR500) - Black
spillb
Newbie
*
Posts: 19


« Reply #20 on: February 25, 2011, 10:33:06 AM »

I have not been here in a while, but as for the 4 layer limitation, in a reply to the following post I showed that I made it in at least 5 layers using obex in linux.

http://www.lg-xenon.com/lg-xenon-modifications/accessing-filesystem-using-bluetooth-and-obex/



Here is what I posted:

I can get past 4 layers if I use the -S switch. I'm using obexftp in Ubuntu. Not sure if openobex has this switch.


i.e.  5 layers

obexftp -b xx:xx:xx:xx:xx:xx -S -c ../Media/Obigo/ref/theme/2 -l

Sending "../Media/Obigo/ref/theme/2"...|done

Receiving "(null)".../<?xml version="1.0"?>
<!DOCTYPE folder-listing SYSTEM "obex-Folder-listing.dtd">
<folder-listing version="1.0">
<parent-folder />
<file name="ls_Browser_softkey_forward.bmp" size="7076" />
<file name="Browser_softkey_favorite_dim.bmp" size="4196" />
<file name="tab_active2nd.bmp" size="30054" />
<file name="zoombar_out.bmp" size="1712" />
<file name="Browser_softkey_forward_p.bmp" size="4196" />
<file name="ls_Browser_softkey_back.bmp" size="7616" />
<file name="zoombar_in_p.bmp" size="1712" />
<file name="Browser_softkey_zoom.bmp" size="4736" />
<file name="zoombar_out_p.bmp" size="1712" />
<file name="Browser_softkey_refresh_p.bmp" size="4196" />
<file name="Browser_softkey_forward_dim.bmp" size="4196" />
<file name="Widgets_softkey_back.bmp" size="4536" />
<file name="ls_Browser_softkey_zoom_p.bmp" size="7796" />
<file name="Browser_softkey_refresh.bmp" size="4196" />
<file name="Browser_softkey_back.bmp" size="4736" />
<file name="zoombar_in.bmp" size="1712" />
<file name="zoombar_bg.bmp" size="21740" />
<file name="Browser_softkey_back_dim.bmp" size="4736" />
<file name="ls_Browser_softkey_refresh.bmp" size="7076" />
<file name="ls_Browser_softkey_stop_dim.bmp" size="7076" />
<file name="Browser_softkey_zoom_dim.bmp" size="4736" />
<file name="ls_Browser_softkey_zoom.bmp" size="7796" />
<file name="Browser_softkey_option.bmp" size="4536" />
<file name="ls_Browser_softkey_back_p.bmp" size="7616" />
<file name="ls_Browser_softkey_zoom_dim.bmp" size="7796" />
<file name="ls_Browser_softkey_favorite_p.bmp" size="7076" />
<file name="ls_tab_active1st3.bmp" size="54254" />
<file name="ls_tab_active1st.bmp" size="54254" />
<file name="Browser_softkey_close_p.bmp" size="9176" />
<file name="Browser_softkey_next_p.bmp" size="9176" />
<file name="browser_close_p.bmp" size="776" />
<file name="Browser_softkey_refresh_dim.bmp" size="4196" />
<file name="Widgets_softkey_back_p.bmp" size="4536" />
<file name="Browser_softkey_stop_dim.bmp" size="4196" />
<file name="Browser_softkey_close.bmp" size="9176" />
<file name="Browser_softkey_forward.bmp" size="4196" />
<file name="ls_tab_active2nd.bmp" size="54454" />
<file name="Browser_softkey_favorite_p.bmp" size="4196" />
<file name="ls_Browser_softkey_back_dim.bmp" size="7616" />
<file name="ls_Browser_softkey_stop_p.bmp" size="7076" />
<file name="Widgets_softkey_option_dim.bmp" size="4536" />
<file name="ls_tab_active2nd3.bmp" size="54454" />
<file name="Browser_softkey_prev_p.bmp" size="9176" />
<file name="Browser_softkey_next.bmp" size="9176" />
<file name="ls_Browser_softkey_refresh_dim.bmp" size="7076" />
<file name="Browser_softkey_option_dim.bmp" size="4536" />
<file name="ls_Browser_softkey_refresh_p.bmp" size="7076" />
<file name="zoombar_cursor.bmp" size="470" />
<file name="Browser_softkey_stop_p.bmp" size="4196" />
<file name="ls_Browser_softkey_option_dim.bmp" size="4536" />
<file name="Widgets_softkey_option.bmp" size="4536" />
<file name="ls_Widgets_title_bg.bmp" size="60056" />
<file name="ls_Browser_softkey_forward_p.bmp" size="7076" />
<file name="Widgets_title_bg.bmp" size="36056" />
<file name="Browser_softkey_prev.bmp" size="9176" />
<file name="ls_Browser_softkey_forward_dim.bmp" size="7076" />
<file name="Browser_softkey_option_p.bmp" size="4536" />
<file name="ls_Browser_softkey_bg.bmp" size="48056" />
<file name="ls_Browser_softkey_stop.bmp" size="7076" />
<file name="Browser_softkey_back_p.bmp" size="4736" />
<file name="ls_Browser_softkey_favorite.bmp" size="7076" />
<file name="tab_left_bg.bmp" size="6454" />
<file name="ls_Browser_softkey_option.bmp" size="4536" />
<file name="Widgets_softkey_option_p.bmp" size="4536" />
<file name="Browser_softkey_favorite.bmp" size="4196" />
<file name="Browser_softkey_bg.bmp" size="28854" />
<file name="ls_Browser_softkey_option_p.bmp" size="4536" />
<file name="Browser_progress_bar.bmp" size="132" />
<file name="browser_close.bmp" size="776" />
<file name="tab_active1st.bmp" size="30054" />
<file name="Browser_softkey_stop.bmp" size="4196" />
<file name="Browser_softkey_zoom_p.bmp" size="4736" />
<file name="ls_Browser_softkey_favorite_dim.bmp" size="7076" />
</folder_listing>


OS: Linux Ubuntu 9.04

Computers are like Air Conditioners, everything works fine until you start opening Windows.
Melody-M
Newbie
*
Posts: 1


« Reply #21 on: March 18, 2011, 07:56:52 PM »

I downloaded the BlueSoleil. But how do I use the program and what's a dongle? :S
bhiga
Administrator
Hero Member
*****
Posts: 848


« Reply #22 on: March 21, 2011, 03:47:00 PM »

"dongle" is a colloquialism for a USB adapter, usually of the short, 'stick' type.
In this context it means a USB Bluetooth adapter.

--Brandon
LG GR500 Xenon: The Better Manual - get it here
Carrier: AT&T
Data cable: LG-DLC100
Platforms: XP Pro 32-bit, Windows 7 Pro 64-bit
Phone: LG Xenon (GR500) - Black
iMan69
Newbie
*
Posts: 1


« Reply #23 on: March 23, 2011, 08:28:06 PM »

Great job in breaking through!
However, I don't quite understand exactly which files you must upload to where to replace the security policy... Do we have to have a modified security policy file or something? Could you please clarify, and I do apologize, I'm not too sure about phone software.
bhiga
Administrator
Hero Member
*****
Posts: 848


« Reply #24 on: March 25, 2011, 07:22:00 PM »

The Java security policy file is just a text file.

For AT&T Xenons, it's /Media/java/cert/att.pol
For Rogers Xenons, it's /Media/java/cert/rogers.pol

First, MAKE A LOCAL BACKUP COPY OF THE FILE

Then open the file in WordPad (not Notepad, WordPad - because WordPad understands files with only CR and no LF) and modify it.

Once you have modified your policy file, save your new att.pol or rogers.pol file (don't overwrite your backup of the original file - save to a new file in a different location), then upload the file to your phone in /Media/Java/cert



If you look through the file, you'll find lines that look like
Code:
allow: HTTP_HTTPS
allow: Comm_Connectivity
blanket(oneshot): SSL
blanket(oneshot): Datagram
session(oneshot): SMS

eventually you'll come down to a section that reads
Code:
domain: untrusted
oneshot: HTTP_HTTPS
or something very similar.

The oneshot means that every access to that function prompts you (very annoying); in this case, every access to HTTP and HTTPS connections prompts you.  Also, there's nothing else listed in this section, which means ONLY HTTP and HTTPS connections are allowed - all the rest of the functions like SMS, SIM, Location (GPS), FILE (card and allowed Java filesystem areas) are DENIED.

If you look up a little bit, you'll notice
Code:
domain: C=KR;O=LG Electronics;CN=CA, LG Electronics for Developer
type: operator
allow: HTTP_HTTPS
allow: Comm_Connectivity
allow: SSL
allow: Datagram
allow: Socket
allow: SIP
allow: Push
allow: PIM
allow: FILE
allow: SMS
allow: CBS
allow: MMS
allow: Bluetooth
allow: SIM
allow: Location
allow: Record_Control
Which is the section for applications that have been signed by the LG Developer SDK.  It's all allow which means essentially the application has unrestricted access to all those function groups and doesn't even have to prompt the user first.


If you trust all your applications not to do sneaky stuff, you can just delete the oneshot: HTTP_HTTPS line under domain: untrusted and copy all the allow: ____ lines so it looks like:
Code:
domain: untrusted
allow: HTTP_HTTPS
allow: Comm_Connectivity
allow: SSL
allow: Datagram
allow: Socket
allow: SIP
allow: Push
allow: PIM
allow: FILE
allow: SMS
allow: CBS
allow: MMS
allow: Bluetooth
allow: SIM
allow: Location
allow: Record_Control
In this case, apps have access to pretty much all phone functions and are not required to prompt the user.  Essentially this is leaving the door unlocked.  If you download a malicious application that tries to delete all your SIM contacts, upload your location somewhere, whatever, it will work and you will not see any sign of what it did, because it is not required to prompt the user.


If you're a little more cautious and want to be notified the first time an app uses a particular function, but not on additional accesses on that run of the application, you can use session(oneshot): instead, so your domain: untrusted section would look like:
Code:
domain: untrusted
session(oneshot): HTTP_HTTPS
session(oneshot): Comm_Connectivity
session(oneshot): SSL
session(oneshot): Datagram
session(oneshot): Socket
session(oneshot): SIP
session(oneshot): Push
session(oneshot): PIM
session(oneshot): FILE
session(oneshot): SMS
session(oneshot): CBS
session(oneshot): MMS
session(oneshot): Bluetooth
session(oneshot): SIM
session(oneshot): Location
session(oneshot): Record_Control
This will prompt you on access the first time a function is used, on every use of the application.  This means if you run Gmail, it'll ask you for access once, then you won't be asked again until you exit Gmail.  If you exit Gmail, then run it again, it'll ask you for access once, but if you just leave Gmail running, it won't ask for access again unless it's for a different function.


There are other variations you can use, like blanket(oneshot) which (I think) asks once then never asks again until the app is uninstalled  - or you can remove lines for functions you don't want apps to be able to use.

For example, you'll notice that even signed apps have certain restrictions, at least in AT&T-land, only apps signed by AT&T "Trusted" root have access to the Location API (which includes the GPS).  The AT&T "Preferred" root apps have access to the same stuff except SIM and Location.

Third-party apps have access to an even smaller set of functions, until finally you reach untrusted (unsigned, or signed by an unrecognized authority) applications which have only HTTP and HTTPS access, with prompt on every access (oneshot).


Note: You can actually go and install the LG Developer SDK, then re-sign applications as a developer (I call this "dev signing") but it's a real PITA compared to just changing your Java policy file.

--Brandon
LG GR500 Xenon: The Better Manual - get it here
Carrier: AT&T
Data cable: LG-DLC100
Platforms: XP Pro 32-bit, Windows 7 Pro 64-bit
Phone: LG Xenon (GR500) - Black
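
The effect of the policy edits described in the post above can be checked mechanically. The following is an added example, not part of the original post or of any LG tooling: a small Python audit that parses a policy file of the quoted shape and reports which function groups a domain may use with no prompt at all. The grammar is inferred from the fragments quoted in the post; the SENSITIVE set and both sample files are constructed assumptions.

```python
# Added example: audit a .pol policy file of the shape quoted in the post.
# The grammar is an assumption inferred from the quoted fragments.
import re

# Assumption: groups treated as sensitive for reporting (names taken from the post).
SENSITIVE = {"SMS", "MMS", "SIM", "PIM", "FILE", "Location", "Bluetooth", "Record_Control"}
RULE = re.compile(r"^(allow|oneshot|session\(oneshot\)|blanket\(oneshot\))\s*:\s*(\S+)$")

def parse_policy(text):
    """Return {domain: {function_group: mode}}; splitlines() copes with CR-only files."""
    domains, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("domain:"):
            current = domains.setdefault(line.split(":", 1)[1].strip(), {})
        elif current is not None:
            m = RULE.match(line)
            if m:  # lines such as "type: operator" are ignored
                current[m.group(2)] = m.group(1)
    return domains

def audit(domains, domain="untrusted"):
    """Groups the domain may use silently, with a prompt, or not at all (unlisted)."""
    rules = domains.get(domain, {})
    known = {g for d in domains.values() for g in d}
    silent = sorted(g for g, mode in rules.items() if mode == "allow")
    return {
        "silent": silent,
        "silent_sensitive": sorted(set(silent) & SENSITIVE),
        "prompted": sorted(g for g, mode in rules.items() if mode != "allow"),
        "denied": sorted(known - set(rules)),
    }

# Constructed samples with CR-only line endings, as the post says the file uses.
STOCK = "\r".join([
    "domain: C=KR;O=LG Electronics;CN=CA, LG Electronics for Developer",
    "type: operator", "allow: HTTP_HTTPS", "allow: SMS", "allow: SIM", "allow: Location",
    "domain: untrusted", "oneshot: HTTP_HTTPS"]) + "\r"
MODIFIED = STOCK.replace("oneshot: HTTP_HTTPS",
                         "allow: HTTP_HTTPS\rallow: SMS\rsession(oneshot): SIM")

if __name__ == "__main__":
    for name, text in (("stock", STOCK), ("modified", MODIFIED)):
        print(name, audit(parse_policy(text)))
```

Running the audit on the backup copy and on the edited file before uploading shows exactly which function groups moved from denied or prompted to silent.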
SQUADALA
Newbie
*
Posts: 4


« Reply #25 on: April 06, 2011, 04:38:26 PM »

Where can I get IVT BlueSoleil v1.7? I can only find 6.#, 7.# and 8.#
THANKS!
bhiga
Administrator
Hero Member
*****
Posts: 848


« Reply #26 on: April 06, 2011, 04:46:02 PM »

I got 2.7 from the site pointed to on the package of my POTHXXXXAD09 Bluetooth dongle.

--Brandon
LG GR500 Xenon: The Better Manual - get it here
Carrier: AT&T
Data cable: LG-DLC100
Platforms: XP Pro 32-bit, Windows 7 Pro 64-bit
Phone: LG Xenon (GR500) - Black
SQUADALA
Newbie
*
Posts: 4


« Reply #27 on: April 06, 2011, 05:38:41 PM »

I got in!
How do you install jar files?
THANKS!
P.S. I'm on Rogers
« Last Edit: April 07, 2011, 06:47:59 PM by SQUADALA »
Rdub
Newbie
*
Posts: 4


« Reply #28 on: April 23, 2011, 03:36:37 PM »

I just purchased a Xenon off of fleabay to replace my old phone and am willing to dedicate it to some hacking.


From reading this thread, and just to confirm, we do have write access everywhere on the phone, correct?
If so...
Have we figured out a way to modify the SMS Message limit? If not, I can start working on that as soon as I get a Bluetooth dongle.

Looking through the filesystem that was posted, it looks as if it would be a modification of a couple files, but since I have never dealt with a .pxo file before I am not quite sure what to expect.

I will be available all summer to do the hacking since my 9-5 can get pretty slow most days.
bhiga
Administrator
Hero Member
*****
Posts: 848


« Reply #29 on: April 25, 2011, 12:58:32 AM »

As far as I know, using the posted trick, yes, you do have access to write anywhere on the phone.

As for editing PXO's, I'm in the dark too.  The folks in the Vu forum have much more information there.

--Brandon
LG GR500 Xenon: The Better Manual - get it here
Carrier: AT&T
Data cable: LG-DLC100
Platforms: XP Pro 32-bit, Windows 7 Pro 64-bit
Phone: LG Xenon (GR500) - Black