Symbian Open Signed只是一场骗局

好不容易盼到symbiansigned.com重新开放的“Open Signed”流程完全不像它此前所宣称的那样“Open Signed meets the needs of freeware, open source, and personal use developers”。

刚刚修改FontRouter实验得出的结论:现在没有Publisher ID,无论是Protected range还是Unprotected range的UID都不能使用“Open Signed”,也就是说普通最终用户再也无法通过“自认证”的方式使用那些以“未认证”方式发布的需要认证权限的软件了。

FAILURE: Submitted .sis file uses a UID that is not allocated to the account holder matching this email address (0xa000#### )

Symbian走上了一条独裁者的道路,独立开发者和普通用户的自由权利正在被废除,取而代之的是“付费授权”和“合作伙伴”才能享受到原本属于他们的权利。口诛笔伐已经无济于事,是应揭竿而起(Call for a real symbian signed exploit!)还是彻底抛弃(Windows Mobile is open to the world!)呢?

Find the UIDs and Capabilities of Symbian EXE/DLL

(1) Emulator Build (Win32 PE)

First, find the start address of section “.SYMBIAN” by typically using “dumpbin /section:.SYMBIAN <Excutable File>”.

The output looks like:

SECTION HEADER #6
.SYMBIAN name
30 virtual size
17000 virtual address (00417000 to 0041702F)
1000 size of raw data
17000 file pointer to raw data (00017000 to 00017FFF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
C0000040 flags
Initialized Data
Read Write

According to the line containing “virtual address”, section “.SYMBIAN” starts at address 0x00017000.

Now, use any hex-editor to view the content at this address:

00017000h: 7A 00 00 10 00 00 00 00 B2 97 1F 10 5E 01 00 00
00017010h: B2 97 1F 10 57 B6 1F 10 B6 E1 0F 00 00 00 00 00

The first 3 dwords are UIDs: 0x1000007A stands for “Symbian EXE”, 0x101F97B2 is the unique UID of this file. (no UID2 for Symbian EXE, but this field is essential for DLL to indicate the framework, eg. 0x10009D8D for ECOM)

The capabilities field at offset 0x18h holds all the capabilities for this executive in the form of bitmask. Thus, 0x000FE1B6 is translated to the following capabilities: (see enumerator TCapability in Symbian SDK)

CommDD PowerMgmt ReadDeviceData WriteDeviceData TrustedUI ProtServ NetworkServices LocalServices ReadUserData WriteUserData Location SurroundingsDD UserEnvironment

(2) Target Build (Symbian PE)

3 UIDs located at the very beginning of the executive file, and the capabilities field is at fixed offset 0x88h. (same meaning as described for emulator build)