
Motorola Phones, "Writer: Access Denied Error" and
Sparrow



Joined: 23 Feb 2005
Posts: 10

Posted: Wed Mar 09, 2005 5:10 am    Post subject: Motorola Phones, "Writer: Access Denied Error" and

Okay, I've been at this issue from several different sides (trying to get j2me VNC working, which has the same errors), including muTelnet as well. And this is what seems to be the problem.

Later model Motorola phones implement a "Code Signing" feature set which is neat, but it blocks unverified applications from being able to write to sockets that aren't HTTP or HTTPS.

From http://www-106.ibm.com/developerworks/java/library/wi-secj2me.html#head5

Quote:
Code signing
For an excellent example of high-level mobile-code security, we need look no further than Java applets, which use digital signatures and the security sandbox to ensure code safety over the Web. Here's a rough outline of how applet security works:

Prior to transmission, the applet server signs an applet JAR file using its digital certificate.
Upon receipt, the browser-side Java security manager verifies the signature and decides whether the origin and integrity of the application can be trusted.
If the digital signature cannot be verified, the runtime exits with an error. If the signature can be verified, the security manager uses the digital certificate to determine the permission domain for that entity, either by querying the client or by using a table to look up permissions for trusted entities.
Once the verification process has been successfully completed, the application code is delivered to the client.

Note that each permission domain contains a set of rules to access specific APIs. For example, an application from a lesser known source might not be allowed to read/write local storage devices or make arbitrary network connections.


** GUESS **

From the sounds of it, just signing the application isn't enough. It would have to be signed by a trusted client. And here we have the problem!

j2me_domain_registry.sm

Some people have had success swapping this file using P2Kman with one from an unbranded v620 (which doesn't have the same problem)...

So in order to use this app without hacking your phone with P2k, maybe we just have to figure out how to read the file j2me_domain_registry.sm, determine if there are any hosts in the list that we can get certificates from, and sign the document?

Any thoughts?
_________________
----
Motorola V3 Razr, Unlocked
Provider, T-Mobile
Sparrow



Joined: 23 Feb 2005
Posts: 10

Posted: Wed Mar 09, 2005 5:20 am    Post subject: Errr...

And it really seems like this guy may have figured out how to sign applications

http://motofan.ru/board/index.php?s=e14ffadf70f675b63f2d587dad0e3207&showtopic=3324&st=

Shame it's in Russian :)
_________________
----
Motorola V3 Razr, Unlocked
Provider, T-Mobile
Comrad



Joined: 11 Mar 2005
Posts: 6
Location: Ukraine; Device: motorola v600

Posted: Fri Mar 11, 2005 6:03 pm    Post subject: Re: Errr...

Sparrow wrote:
And it really seems like this guy may have figured out how to sign applications

http://motofan.ru/board/index.php?s=e14ffadf70f675b63f2d587dad0e3207&showtopic=3324&st=

Shame it's in Russian :)


I can make a short translation for you:
-- usually all Java apps are installed in the kjava folder on the phone; after installing apps there are these files in it:
j2meNo..jar - app itself
j2meNo..jad - app's description
j2meNo..pat - app's permissions
j2meNo..rms - app's saves
No - means the app number in the phone (0,1,2,...).
So we can replace the j2meNo..pat file with the one with the open permissions, which is here:
http://motofan.ru/board/index.php?act=downloads&do=download&id=937

All we have to do is to find out what number our app has and to replace its *.pat with the one above.
You just have to look at those numbers before and after installing your app with P2kman or P2ktools (the latest versions of this one have a special info tab for convenience). And then you have to replace its *.pat file (for example, j2me4.pat) with the above one and rename it j2me4.pat. Then give that file the 4 attribute in p2k and set maximum permissions in the app's context menu on the phone.
That's all :o)
Karl
Site Admin


Joined: 24 Jan 2005
Posts: 777
Location: Auckland, New Zealand; Device: SE K700i; S/W R2AA003

Posted: Fri Mar 11, 2005 9:59 pm

Wow, that sounds complicated. Is it successful? If it is, could someone write up a short piece on it so that I can attach it to the FAQ? A definitive solution!

Otherwise - my understanding is that the code would need to be signed by an authority trusted by the phone... That's probably Verisign etc? Can anyone confirm that? If it's the case then we can investigate what's involved in being able to sign!
Sparrow



Joined: 23 Feb 2005
Posts: 10

Posted: Sun Mar 13, 2005 3:46 am    Post subject: Mispost

Edited Mispost, read below
_________________
----
Motorola V3 Razr, Unlocked
Provider, T-Mobile


Last edited by Sparrow on Sun Mar 13, 2005 3:53 am; edited 1 time in total
Sparrow



Joined: 23 Feb 2005
Posts: 10

Posted: Sun Mar 13, 2005 3:53 am    Post subject: Complicated?

Yes, maybe. It's just a guess and I still haven't gotten it working yet. What I need is a j2me_domain_registry.sm file from /a/kjava on a Motorola phone that WORKS with your program so that I can swap it with my locked up one. I'm pretty certain that file is the culprit, and it seems that if it isn't present then it assumes all apps don't have that privilege so that solution won't work. I need to edit the file to allow some external verifier, or you'll have to sign your app with one of the known verifiers. Here is a copy of the j2me_domain_registry.sm file that I have:

http://www.logichigh.com/files/j2me_domain_registry.sm.zip

Here's a version of the file I converted to ASCII so I could post it in a readable format (download the file above if you want the real deal), but you can see in it what verifiers are trusted.

Code:

?'(c)SpiCenYenE*<>aeOE>reE4Peue,fl3<>IAptcEBiEee5efo8c   efo//u;(c)- iPX^;*RNyeaei+/-AeI/uXK/i
,OuGkOE`o'VE9oe'K'~3'}n"Na'Ee'g[OmIj[@*uyH<>mu"2ouQSumSum/l#<iUoueo8,{AAb&'/>at   `^n'3'aRpi7<=n0PF?'-o   !*. oQ, S/,yeS+DJNz*kOoeeO=5ibA6.YenA;ihU*8gE>=.O~Ia*>PIo<   /iiijA0/00NIuOe(R)AS='NOb...?CN="Cingular Preferred Root CA",O="Cingular Wireless, LLC",C=US'=AE23/Ohm0/00i5b,E'
Obp=CN="Cingular Trusted Root CA",O="Cingular Wireless, LLC",C=US/Boew??AAe.o/aYeiooe-#UO="Motorola Inc",C=US,ST=Illinois,L=Libertyville,OU=PCS,CN="Manufacturer Domain 40-1"'S>a0/00A!ebQc[o_F...KOU="Class 3 Public Primary Certification Authority",O="VeriSign, Inc.",C=USt,1iE0/00$IEIT+.a=>at,Untrusted_Domain


My phone was originally from Cingular, then unlocked and put on T-Mobile service; you can see that Cingular and Motorola are trusted, as is Verisign. So if you can get a signature from any of those three you could make your app work on the Moto V3 (and probably a few other Motos with this problem) without having to have your users make any modifications.

And on a side note... no, after reading the translation I think that Russian page has absolutely nothing to do with this problem :)

So if anyone has a Motorola V5xx and the ability to get into it (P2k Manager) I would REALLY appreciate your j2me_domain_registry.sm file. If you have it, or want to help but don't know how to get it, contact me through the forum. Thank you.

Kevin
_________________
----
Motorola V3 Razr, Unlocked
Provider, T-Mobile
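
The post above reads the trusted verifiers out of the ASCII-converted registry by eye. As an added example (not code from this thread or from MidpSSH), the same reading can be done with a heuristic scan for X.500 distinguished names in the raw bytes; the sample bytes are constructed, the function names are hypothetical, and the file's real record layout is not parsed.

```python
import re

# Constructed sample: filler bytes around DN strings shaped like those visible
# in the ASCII dump above. The real file's record layout is not known here.
SAMPLE = (
    b'\x00\x17\x9a\xfe=CN="Cingular Trusted Root CA",'
    b'O="Cingular Wireless, LLC",C=US\x01\x88'
    b'\x02\xc3O="Motorola Inc",C=US,ST=Illinois,L=Libertyville,OU=PCS,'
    b'CN="Manufacturer Domain 40-1"\x93\x00\x10'
    b'KOU="Class 3 Public Primary Certification Authority",'
    b'O="VeriSign, Inc.",C=US\xff\x04Untrusted_Domain\x00'
)

# One attribute: a two-letter country, or TYPE= followed by a quoted printable
# value (which may contain commas) or a bare token.
ATTR = rb'(?:C=[A-Z]{2}|(?:CN|OU|O|ST|L)=(?:"[ !#-~]*"|[A-Za-z0-9 .-]+))'
# A DN is two or more attributes joined by commas.
DN_RE = re.compile(ATTR + rb'(?:,' + ATTR + rb')+')
PAIR_RE = re.compile(r'(CN|OU|O|ST|L|C)=(?:"([^"]*)"|([^,]+))')


def parse_dn(dn):
    """Split one DN string into {type: value}, honouring quoted commas."""
    out = {}
    for m in PAIR_RE.finditer(dn):
        out[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return out


def trusted_roots(blob):
    """Heuristic scan: return every DN-looking run in blob as a dict."""
    return [parse_dn(m.group(0).decode('ascii')) for m in DN_RE.finditer(blob)]


def organisations(blob):
    """Sorted, de-duplicated O= values: who the device is set up to trust."""
    return sorted({r['O'] for r in trusted_roots(blob) if 'O' in r})


if __name__ == '__main__':
    for root in trusted_roots(SAMPLE):
        print(root.get('O'), '|', root.get('CN') or root.get('OU'))
```

A name found this way only shows which root is listed in the file; an application is still accepted only if its signing certificate chains to that root.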
guzzirider



Joined: 23 Feb 2005
Posts: 17
Location: Philadelphia Device: Motorola A630

Posted: Mon Mar 14, 2005 3:42 am

Let me just say that if this problem can be resolved by a simple code signing cert from Verisign, I for one would be happy to contribute some cash to help pay for the cert! :)

__Jason
Sparrow



Joined: 23 Feb 2005
Posts: 10

Posted: Mon Mar 14, 2005 4:08 am    Post subject: I think he's right

All that may be needed is the Verisign codesigner program.. though it looks like it's a little pricey...

http://www.verisign.com/products-services/security-services/code-signing/digital-ids-code-signing/index.html
_________________
----
Motorola V3 Razr, Unlocked
Provider, T-Mobile
mercaptan



Joined: 14 Mar 2005
Posts: 23
Location: Philadelphia, PA, USA

Posted: Mon Mar 14, 2005 2:27 pm

Sparrow, I believe some fine folks over at HowardsForums have put together quite a package for the java issue, although I just tried applying the unbranded v620 session file and still got the same "write denied" error.

Still, to be helpful, here's the thread about replacing various j2me components to try and uncripple the ports/sockets:
http://www.howardforums.com/showthread.php?s=&threadid=555657&highlight=%2Ba630+%2Bsocket

Also, your session file is available (posted from a link on the Moto A630 superthread): http://homepage.mac.com/rmarquez/index.html (look under "Java Packs")
mercaptan



Joined: 14 Mar 2005
Posts: 23
Location: Philadelphia, PA, USA

Posted: Wed Mar 16, 2005 3:40 am

UPDATE (Mar15):
Getting closer to success. By deleting everything from the kjava directory on my a630 and uploading the j2me files from yakky's java pack (and reuploading the original J2MEPCK), I seem to have gotten past the "Reader: access denied" error.

Now MidPSSH gets to the "connecting to host...ok" phase, and then drops the connection, flashing "Reader: read.filter:java.lang ArrayIndex out of bounds exception" nearly too quickly for me to read clearly before the session report pops up.

I am able to connect successfully via SSH using Idokorro's J2ME SSH client, but their input scheme sucks (it uses ITAP instead of my Moto A630's QWERTY keyboard) and I don't want to shell out $45 to those guys. But I can now get past the crippled sockets on my T-Mobile A630 (I have the regular T-Zones plan and connect to a computer running sshd on port 995).

Still, what is that Java error? And what can I do about it? I feel like I'm so close to getting this to work!
Sparrow



Joined: 23 Feb 2005
Posts: 10

Posted: Wed Mar 16, 2005 4:18 am    Post subject: Hey

Having some trouble finding the a630 flex you mentioned, could you do me a favor and zip the java folder (the good one) that you've got and e-mail it to me so I can try putting it on my Razr?

01@logichigh.com

Thanks in advance!
_________________
----
Motorola V3 Razr, Unlocked
Provider, T-Mobile
Karl
Site Admin


Joined: 24 Jan 2005
Posts: 777
Location: Auckland, New Zealand; Device: SE K700i; S/W R2AA003

Posted: Wed Mar 16, 2005 8:25 pm

Hi,

Great - it sounds like code signing may be a solution. It looks like the Verisign one is US$400? Does anyone have any experience signing code with Verisign?

Part 2 - the ArrayIndexOutOfBoundsException. Perhaps you could start a new thread and mention the version that you're trying? There are a few of these exceptions occurring and I'd like to track them down!
mercaptan



Joined: 14 Mar 2005
Posts: 23
Location: Philadelphia, PA, USA

Posted: Wed Mar 16, 2005 8:45 pm    Post subject: Re: Hey

Sparrow wrote:
Having some trouble finding the a630 flex you mentioned, could you do me a favor and zip the java folder (the good one) that you've got and e-mail it to me so I can try putting it on my Razr?

01@logichigh.com

Thanks in advance!


You can snag it right here, Sparrow, http://moto.x2-hosting.com/downloads/v620java.zip

Karl: Will do. Is there some way to turn off the Session Report, or otherwise access an error log? The exception kept being replaced by the Session Report before I could read it and I had to keep generating the error and scribbling down one word of the error at a time.
ksheehan



Joined: 14 Feb 2005
Posts: 18

Posted: Wed Mar 16, 2005 8:49 pm

I have information that newer devices (v551, etc.) from Cingular are set to disallow untrusted or 3rd party trusted apps that use javax.microedition.io.Connection.socket (as well as ssl and various other 'fun' services). They flat out refuse to grant it...

Now my 'removing' the file on my phone allowed the MIDPSSH app to work as it now does not 'see' that restriction.

It should be possible without much difficulty to pursue and obtain a free validation and certificate from Cingular. Cingular only 'trusts' apps signed by Cingular or the manufacturer... Motorola in this case... not Verisign.

The site I found all this on is here.

BTW... below is the document that describes the Cingular j2me MIDP 2.0 security policy.
Karl
Site Admin


Joined: 24 Jan 2005
Posts: 777
Location: Auckland, New Zealand; Device: SE K700i; S/W R2AA003

Posted: Wed Mar 16, 2005 9:12 pm

Thank you for that. As we've discussed - this indicates that we require Cingular signing for it to work on Cingular devices. Or Motorola signing etc.
All times are GMT
Page 1 of 2