Page 3 of 26 FirstFirst 1234567813 ... LastLast
Results 41 to 60 of 506
  1. SirWill's Avatar
    Posts
    439 Posts
    Global Posts
    492 Global Posts
    #41  
    Quote Originally Posted by chris_phelps View Post
    NOTE: despite what SirWill is saying, it is required that you be in dev mode for novacom to work correctly. The firewall rules will prevent your computer from contacting your device otherwise. The reason that his phone is working outside of dev mode is most likely that he has hosed his iptables.
    I have rooted my pre, I have enabled usbnet, and turned on dhcp serving. That is why I wanted it tested on a 1.0.4 pre that has not been rooted. You are probably right and probably something related to my config on the pre is allowing it to not be in developer mode. I will actually try it tonight on my wife's Pre that hasn't been rooted.

    My thoughts on this was simply hopeful thinking.
  2. terryman's Avatar
    Posts
    55 Posts
    Global Posts
    59 Global Posts
    #42  
    Quote Originally Posted by sir_mycroft View Post
    I posted this in the Hhomebrew section:

    1. Download the Mojo SDK to your PC by going here:

    2. Set your Pre to developer mode by typing the following in Universal Search: upupdowndownleftrightleftrightbastart. Follow the prompts.

    3. Hook your Pre to your PC in “Just Charge” mode. Files will (automatically?) install.

    4. Restart your Pre.

    5. Download the desired app to your PC from the Homebrew App thread here:

    6. Drag the .ipk file for the Homebrew App onto Program Files>Palm>SDK>bin>palm-install.bat on the PC (a cmd prompt will pop up and after this you should see the app icon in your programs on the Pre).


    Mostly taken from work of JohnLBurger and Drybonz, Does it get easier than this?
    I have installed the SDK on my computer and it is running, but what do you mean by step 3? Just plugging in my pre does not download any files to it.
    Help
    Last edited by terryman; 06/30/2009 at 05:47 PM. Reason: fixed problem
  3. terryman's Avatar
    Posts
    55 Posts
    Global Posts
    59 Global Posts
    #43  
    Nevermind - chose USB instead of Just Charge.

    Once I did that - works great -thanks!
  4. xorg's Avatar
    Posts
    633 Posts
    Global Posts
    1,010 Global Posts
       #44  
    After looking at the palm-install.bat, it lead me to search for 'installer' on the Pre, and found this...

    /usr/palm/applications/com.palm.app.findapps/weave/services/applicationinstaller.jsjsjs

    wiz1999 referenced weave earlier.

    Methinks the bat file and associated jar functions sends it arguments to this script - not strong enough in java. If we can figure out a way to trigger this and feed it the needed arguments through the nova driver, it could be 3rd base. Methinks this is what the SDK does. We might be able to bypass all of the other .jar dependencies within the SDK. There will still be a dependency on the Novacom drivers, but let's not deal with that yet.
  5. sam1am's Avatar
    Posts
    172 Posts
    Global Posts
    176 Global Posts
    #45  
    I don't get Xorg's call to be totally white hat. If Palm doesn't yet allow applications to be installed from third parties in any legitimate fashion, than *any* solution will be, by definition, an exploit or a hack. Probably as in the case of the email install hole, it will be patched by Palm. Until they are ready to release an official way to do it (*IF* they ever do, and let's pray to the gods they do), they will continue to patch any holes that we find.

    If they want to be like Apple, then sideloading apps will forever be a cat and mouse game with us finding ways to do it and Palm blocking us in the next update.

    We have no responsibility towards Palm to be "white hat." What does that even mean? What would be a black hat method to sideload apps without rooting? It's our device so we can pretty much do what we want with it within the law, and anything in our Sprint TOS will be irrelevant once a WebOS device hits another carrier.

    I get the idea behind pandering to Palm, but it's flawed. Let's remember that Palm is the one that needs to be pandering to us.
  6. xorg's Avatar
    Posts
    633 Posts
    Global Posts
    1,010 Global Posts
       #46  
    Palm hasn't confirmed they will not allow sideloading. They plugged the email hole probably because of the security issue that it can load things without user awareness, not specifically because of loading apps. This initiative will press the issue. If Palm blocks all attempts to sideload (on stock Pre), then it demonstrates they plan to be just as authoritarian as Apple. Imagine if Apple only allowed approved apps for MacOS or if Microsoft approved all apps for Windows - that would be considered insane and most of us would move one to something else. I will move on if Palm locks down webOS to only pre-approved apps.

    If someone wants to take the information out of this thread and take it underground, that's what happens, but I'm not and won't be a part of it. There's a delicate balance for doing this in the open, and white hat is safest if we are going to get ideas out publicly. Palm might allow some methods to go through. It's worth a shot. If they don't, they send a big message of being another proprietary, authoritarian Apple.

    Black hatters will use existing code and not expose their methods, which Palm would figure out anyway. That's not what this effort is about. Palm benefits from white hatters and may allow certain methods through that are not a risk. Keep in mind that Palm themselves hacked, tricking iTunes with a spoof method. Was kinda grey hat actually. Will be interesting to see if Palm plays this out hypocritically.
  7. SirWill's Avatar
    Posts
    439 Posts
    Global Posts
    492 Global Posts
    #47  
    Quote Originally Posted by SirWill View Post
    I have rooted my pre, I have enabled usbnet, and turned on dhcp serving. That is why I wanted it tested on a 1.0.4 pre that has not been rooted. You are probably right and probably something related to my config on the pre is allowing it to not be in developer mode. I will actually try it tonight on my wife's Pre that hasn't been rooted.

    My thoughts on this was simply hopeful thinking.
    And my hopeful thoughts were wrong. When I try it with my wife's pre not in dev mode the pc says "no device found"

    Oh well
  8. #48  
    Hi guys,

    Not sure if this is already documented but I have found the following...

    Running the following command in the SDK against the emulator
    SDK\bin>palm-install.bat <path to ipk file> --debug

    causes the IPK file to be copied to /media/internal/developer/*
    The --debug switch tells the device to not delete the IPK when the install fails.

    The above command runs the following on the Pre itself
    luna-send -i palm://com.palm.appinstaller/installNoVerify '{"target": "/media/internal/developer/FILENAME.ipk", "subscribe": true}'

    It is palm://com.palm.appinstaller/installNoVerify which checks the validity of the IPK file so changing the SDK might not do it alone unless someone can find a new option instead of installNoVerify.

    Running
    SDK\bin>palm-install.bat <path to any file> --debug
    will copy any file you want to /media/internal/developer.

    This may be helpful too.

    I will see what else I can find in com.palm.appinstaller.

    Hope this helps
  9. xorg's Avatar
    Posts
    633 Posts
    Global Posts
    1,010 Global Posts
       #49  
    Great great info, greg_roll.

    I just manually put an .ipk in /media/internal/developer (the USB drive) and ran the command within rooted pre...

    luna-send -i palm://com.palm.appinstaller/installNoVerify '{"target": "/media/internal/developer/FILENAME.ipk", "subscribe": true}'

    ...and it installed.

    So we just need to figure out a way to execute that command over novacom, hopefully while bypassing a lot of the SDK baggage. We may only need to require the user loads webOS Doctor and not the SDK, though I have other ideas for using 3rd party novacom drivers. More on that later.

    Another possible angle is to create a website that includes webOS libraries and can either execute the above command or trigger the luna install from an SDK library. That might allow someone to manually place a file anywhere in the USB drive (/internal/media) and then visit a website to complete the installation.
  10. sam1am's Avatar
    Posts
    172 Posts
    Global Posts
    176 Global Posts
    #50  
    Quote Originally Posted by xorg View Post
    Palm hasn't confirmed they will not allow sideloading. They plugged the email hole probably because of the security issue that it can load things without user awareness, not specifically because of loading apps. This initiative will press the issue. If Palm blocks all attempts to sideload (on stock Pre), then it demonstrates they plan to be just as authoritarian as Apple. Imagine if Apple only allowed approved apps for MacOS or if Microsoft approved all apps for Windows - that would be considered insane and most of us would move one to something else. I will move on if Palm locks down webOS to only pre-approved apps.

    If someone wants to take the information out of this thread and take it underground, that's what happens, but I'm not and won't be a part of it. There's a delicate balance for doing this in the open, and white hat is safest if we are going to get ideas out publicly. Palm might allow some methods to go through. It's worth a shot. If they don't, they send a big message of being another proprietary, authoritarian Apple.

    Black hatters will use existing code and not expose their methods, which Palm would figure out anyway. That's not what this effort is about. Palm benefits from white hatters and may allow certain methods through that are not a risk. Keep in mind that Palm themselves hacked, tricking iTunes with a spoof method. Was kinda grey hat actually. Will be interesting to see if Palm plays this out hypocritically.
    Maybe I'm the only one here not getting it - but I don't think you're making any sense. You're saying let's all get together and hack a way to install apps, but let's be "white hat" about it - which apparently means not taking underground, which also doesn't make any sense. There's this big deal and all these disclaimers about how we're white hat and trying to keep Palm happy but what's the point? I don't think that means anything other then trying kiss up to Palm and make them like you.

    If Palm was excited about having us sideload applications, they would have added a confirmation prompt to the email install method rather than disabling it. Or they would have given us some other way to do it.

    Why do you feel we have any responsibility to Palm in what methods we employ in hacking our devices?
  11. #51  
    with an attitude like that of course they arent going to be happy... if palm really didnt want us to find another way they could completely close everything down including dev mode, but do they do that.... obviously not!!! the only reason palm closed the email loop hole was for security purposes thats it... Palm needs the dev community and would never try to stop us from homebrew install, but it also has to maintain the integrity of its OS
  12. #52  
    Quote Originally Posted by xorg View Post
    So we just need to figure out a way to execute that command over novacom, hopefully while bypassing a lot of the SDK baggage. We may only need to require the user loads webOS Doctor and not the SDK, though I have other ideas for using 3rd party novacom drivers. More on that later.
    um, since you mention it now, the webOS doctor contains all java code necessary to perform the same installation that palm-install performs.
    Has anybody figured out how the webos doctor accesses the pre without it being in dev mode?
  13. #53  
    Quote Originally Posted by knightflores View Post
    with an attitude like that of course they arent going to be happy... if palm really didnt want us to find another way they could completely close everything down including dev mode, but do they do that.... obviously not!!! the only reason palm closed the email loop hole was for security purposes thats it... Palm needs the dev community and would never try to stop us from homebrew install, but it also has to maintain the integrity of its OS
    I agree with you but were people getting random emails with malicious .ipk files? Was this REALLY a problem right now? Couldn't they close this later when they released a proper way to side load?

    That is all I am asking.
    Systems Analyst by trade, Drummer by desire and Music Lover by birth. A self proclaimed Geek and gadget nut. ii

    Did you know: The Pittsburgh Steelers have more championships than 21 other NFL teams combined!
    Pittsburgh Steelers-6 Time Super Bowl Champions!

    Pittsburgh Penguins-3 Time Stanley Cup Champions!
  14. sam1am's Avatar
    Posts
    172 Posts
    Global Posts
    176 Global Posts
    #54  
    Quote Originally Posted by knightflores View Post
    with an attitude like that of course they arent going to be happy... if palm really didnt want us to find another way they could completely close everything down including dev mode, but do they do that.... obviously not!!! the only reason palm closed the email loop hole was for security purposes thats it... Palm needs the dev community and would never try to stop us from homebrew install, but it also has to maintain the integrity of its OS
    How could Palm allow people to develop for the phone if they closed down developer mode?

    If Palm wanted us to be able to side load apps they would have given us a way. Any hack will be a security hole by definition, since whatever way we find will not have been intended as a method to install apps.

    Again, we don't have a responsibility to keep Palm happy. Palm is the one who has to try to keep us happy.

    Whatever hole is found to install apps without rooting will be blocked just as quickly as the last. It will be the same kind of security vulnerability.
  15. sam1am's Avatar
    Posts
    172 Posts
    Global Posts
    176 Global Posts
    #55  
    Quote Originally Posted by 1Paladin View Post
    I agree with you but were people getting random emails with malicious .ipk files? Was this REALLY a problem? Couldn't they close this later when they released a proper way to side load?

    That is all I am asking.
    Exactly. There are a lot of things that would have to take place for this to become a problem.

    1. Someone would have to find a list of people who own Pre phones.
    2. That person would have to be able to find email addresses for those people.
    3. That person would have to know how to develop for WebOS. To do anything really harmful, he would probably have to have more information than is publicly available.
    4. That person would also have to be malicious
    5. People would have to not only receive the email and click the link, but they would then have to run the application.

    I'm not saying it's impossible, but it's not a very likely scenario any time in the near future.
  16. #56  
    Whatever hole is found to install apps without rooting will be blocked just as quickly as the last. It will be the same kind of security vulnerability.
    Really? Then why hasn't palm fixed the "security hole" that lets us root?
  17. sam1am's Avatar
    Posts
    172 Posts
    Global Posts
    176 Global Posts
    #57  
    Quote Originally Posted by linwiz311 View Post
    Really? Then why hasn't palm fixed the "security hole" that lets us root?
    That is a feature, not a hole. It is by design. They didn't accidentally put that there.

    There is no "by design" way to install apps outside of the app store without rooting and having the SDK.
  18. #58  
    Quote Originally Posted by sam1am View Post
    How could Palm allow people to develop for the phone if they closed down developer mode?

    If Palm wanted us to be able to side load apps they would have given us a way. Any hack will be a security hole by definition, since whatever way we find will not have been intended as a method to install apps.

    Again, we don't have a responsibility to keep Palm happy. Palm is the one who has to try to keep us happy.

    Whatever hole is found to install apps without rooting will be blocked just as quickly as the last. It will be the same kind of security vulnerability.
    Simple if palm wanted they could hand out phones in which dev mode is enabled and close it to the rest of us in an OTA... But the point of this thread is not to argue these points, nor to see who's stick is bigger... We agree to dis-agree. Lets just try to come up with an install method and put the ball in Palm's court then see what happens.
  19. sam1am's Avatar
    Posts
    172 Posts
    Global Posts
    176 Global Posts
    #59  
    Quote Originally Posted by knightflores View Post
    Simple if palm wanted they could hand out phones in which dev mode is enabled and close it to the rest of us in an OTA... But the point of this thread is not to argue these points, nor to see who's stick is bigger... We agree to dis-agree. Lets just try to come up with an install method and put the ball in Palm's court then see what happens.
    You're right, so I'll stop polluting this thread with off-topic philosophy debates.

    I DO have an install method that doesn't require rooting, but it's "black hat" so I'll go find other people in the shadows to share it with.
  20. #60  
    That is a feature, not a hole. It is by design. They didn't accidentally put that there.

    There is no "by design" way to install apps outside of the app store without rooting and having the SDK.
    No, if Palm wanted to shut it down, they could. First of all, the root account is not even secured with a password. It'd be easy to reset the password in an OTA update and release an updated version of the sdk to those in the early access developer program.

    This may be a noob question, but can apps get access to the internal system? If so, we can make an app to run the system commands that xorg was talking mentioned. It'd be a user friendly way to open a hole to install more apps.
Page 3 of 26 FirstFirst 1234567813 ... LastLast

Posting Permissions