Windows Phone 7 unlocker: ChevronWP7

November 26, 2010 · 4 min read

My motivation for this post is to hopefully have a single place for my thoughts on just what "jailbreaking" means on WP7, what this tool has done, what MS can do, and well pretty much anything else related to the subject.

I have friends invested in WP7 and I completely understand their concern. Another motivation was following a thread from a friend back to this unfortunate starting point: http://twitter.com/#!/ChrisWalshie/status/7967096923226113 (@mikebmcl being my friend in the situation). This was likely in response to this post: http://www.chevronwp7.com/post/1686961408/our-stance-on-piracy. This resulted in one of the other names on the project issuing this post: http://www.istartedsomething.com/20101127/my-thoughts-on-my-thoughts-on-chevronwp7/ leading back to a further post from Mike. That's a lot of concern from both sides.

I don't like the term Jailbreaking in this instance as that seems to infer, based on iPhone and Android definitions, that the carrier lock is also circumvented and you can possibly use your phone anywhere. Let's be clear, this tool is only useful for loading XAP files to the device without a marketplace account. You are still very much "in jail" and tied to the big bad wolf carriers but using the term jailbreaking does give you recent legal protection to a degree.

The problem with opinion in this matter, on both sides, is it doesn't seem to be grounded in complete truth. Comments on Mike's blog talk about a smartphone being like a PC and should be unlocked for all. While at a basic hardware level this is true, what is actually created is more of a specialized hardware device like an Xbox 360. You are given a big walled garden that just so happens to use phone capabilities and the internet but essentially from a legal standpoint you aren't given the keys to this kingdom. You are merely allowed, by the rightful rulers of the realm, to breathe the air they've given you for the low low price of $100 USD.

Windows Phone 7 devices require Windows Live ID to use the cool parts. Windows Phone 7 devices require apps be bought/loaded from the marketplace only. This by nature creates a unique ID between Windows Live ID of the purchaser to the app ID given by the marketplace. Microsoft can literally tell who has purchased what application on which device. This to me, is "game over, man!" for the most part.

At ReMIX Atlanta '10, Brandon Watson was asked a question regarding sideloading of apps besides marketplace for enterprise developers that wish to install apps that the public shouldn't see (think government, high security firms) and at the time they didn't have an answer but were working on it. Part of the answer is what this tool does, unlocking, but consider what this means. Every employee with a wp7 will have to unlock their device to run their company-mandated app? This enterprise app won't be submitted to the marketplace so I don't believe it'd be as trackable. We're essentially saying here "the piracy that matters (i.e. marketplace content) is covered" but the question somewhat remains about where that leaves the private enterprise.

I didn't bring ReMIX to hold Brandon or MS to a firm answer, just that steps can still be made to "tighten up the graphics" so to speak. Worst case, this tool is bringing exposure to the real risks you face as an appdev on the WP7 marketplace.

Here are what I believe are steps to mitigate piracy in any wp7 device:

  • Obfuscation - Provided it works 100%, Reflector returns lovely little "This has been obfuscated and cannot be disassembled" messages.
  • Keep track of your main project's GUID or if extra paranoid, create an extra unique ID in your app that you know won't be altered by the marketplace.
  • If you're using the network, use analytics if you can spare the data. You have to be careful here to stick to the rules of both the analytics firm and the marketplace guidelines but this does provide a method of phoning home.
  • Microsoft has a lot of tools at their disposal to fight for you. You sign agreements to use the WP7 device and I believe MS is within its right to ban a Live ID from any WP7 device.
  • It's likely every time an app is loaded the phone sends MS the live ID and app GUID regardless of marketplace status. Worst case it can collect this locally until time of an OS update if network access is never used.

Pre-Post Update: Before I had a chance to finish my thoughts on this post even more statements have been flying on this issue. http://www.winrumors.com/microsoft-using-chevronwp7-unlock-could-render-windows-phone-7-permanently-unusable/ reads as fear to me, like MS would easily "flip a switch" to render your phone useless. I personally read that as "If you're unlocking your phone using this tool, you run the risk of anything happening and a carrier or MS is legally within right to exact anything mentioned" which isn't quite as heavy handed as the comments were leading towards.

I also want to be clear about where I stand. I believe tools like this are a valuable resource. There is a hole that desperately needs to be addressed, not only in downloading XAP files but unlocked devices. Developers talk in code so until you saw a working proof of concept you weren't going to really listen. Mike is a developer on the marketplace so I completely understand his frustration but I consider the backlash on both sides unfortunate and unwarranted. You're both right to some degree and wrong in others. I have deep respect for Mike, the ChevronWP7 team, and the efforts that lead to their discovery after learning about it on XDA. Hopefully civilized discussion on what boundaries should be set can continue versus whatever the hell is happening now.

Update

October 8, 2010 · 2 min read

I promise I haven't been intentionally neglecting you, Mr. Blog.

A lot has changed since the last time I posted here. I basically got laid off from a position in IT working for my dad's company at Omega HR Solutions, Inc. I transitioned into a career path I chosen in college: software development. It was rather fortunate that I had been doing a lot of work in .NET throughout the 10+ years of working for them to produce relatively usable code.

My current position is with Swerdlin & Company officially as "Software Developer" until a cooler title can be coined. Normally, I usually keep a low profile regarding my employment primarily due to negativity I tend to generate regarding some of the work I've done in the past. I think that behavior is going to change dramatically. Why? Well even the worst most annoying task I can be assigned is an exciting challenge and it isn't every day I can say that.

Even though my dataset is limited, Swerdlin is the greatest company I've ever worked for. We have an annual Dog Day in June, "Giant cupcake day" (STARS) roughly every 1-2 months, and I'm given a great deal of professional and creative freedom. I'm typing this on my laptop that I'm allowed to bring in every so often to work on personal projects. My boss' reaction to asking was "If you're working on a personal project, what you learn is directly transferable" to paraphrase a bit. Amazingly cool.

I'm hoping that with this post I'll start a renewed desire to post more but I might be starting more music related posts. Part of me doesn't want to considering "music blogs" are a considerate portion of the online community map but perhaps I can find something to make it unique. Initially I hope to post reviews of some of my favorite bands latest works or critiques of the more recent concerts I've been to.

Here's a partial list of what's coming:

  1. My friend Andrew's band V. Caldera played a "badass" show (their terms) at The Vinyl on September 25th.
  2. Avenged Sevenfold's latest album Nightmare is insanely awesome.
  3. Ditto for Atreyu's Congregation of the Damned despite it being out for nearly a year before I heard of it.

I also plan on actually writing music so my hope is to also use this blog to flesh out ideas and various universes characters can play in. My intention is to create moods using (hopefully) complete backstories in some ways like how Coheed & Cambria work but not directly. I suppose only time will tell if the idea is useful or useless.

ASP.NET MVC hosting lesson: Elmah and SQL Server 2000

April 3, 2010 · 2 min read

Background

Technically this isn't specific to ASP.NET MVC at all, that just happens to be how I use Elmah. I started work on an ASP.NET MVC project with certain erroneous preconceived notions. I originally started the database with SQL 2008 in mind because I run Windows 7. An easily accessible staging server used SQL 2005 and it was here that I ran into my first compatibility snag. A database project may be set for an earlier revision but you can't transplant those .bak files and expect them to restore. This is generally 101 level stuff but something I tend to keep in the back of my mind at the worst times.

This staging issue foreshadowed production: the shared hosting company I use is running SQL 2000. Argh! Luckily this process was less painful: I used SQL Publishing Wizard and SQL 2000 in a virtual machine to get the database on the lowest common demoninator. Once in SQL 2000, the backup files will easily restore in any future version of SQL. Because the push to production is so infrequent and changes can be diff'd easier than rebuilt I've settled on a structure of Development: 2005, Staging: 2005, and Production: 2000.

Elmah and SQL 2000

I chose an Elmah version (1.1.11517.2009) that dealt specifically with SQL 2005 but was hopefully new enough to be relative to ASP.NET MVC. Switching to SQL 2000 produced a very minor snag: the database script needed to be downgraded.

Fortunately, and with the help of Google code, I could go back to other revisions of the same file in the Elmah codebase and find a version suited for SQL 2000 dated earlier this year. Here's the diff link to show what changes were made: http://code.google.com/p/elmah/source/diff?spec=svn705&r=643&format=side&path=/trunk/src/Elmah/SQLServer.sql&old_path=/trunk/src/Elmah/SQLServer.sql&old=568. When downgrading to SQL 2000, use the left hand side or you could just download the file.

Update (2019): Since Google Code has long been out of service, Elmah can now be found at https://elmah.github.io/. To get an appropriate SQL 2000 file, you may have to look at v1.0 and v1.1 sources. I would think in 2019 you would likely choose a more recent SQL Server version.

While you are there, you might as well follow the examples given by Scott Mitchell Keeping ELMAH's Error Log Size In Check and Deleting All Records In a Table EXCEPT For the N Most Recently Added Records. Why both? The first prunes any records beyond a date range to keep errors relevant. The second makes sure your database stays small in case of anything that can trigger a large number of records within your date window.

Using jQuery to Simulate the <Blink> tag

March 15, 2010 · 2 min read

While this post actually has nothing to do with ASP.NET MVC directly, the only common denominator is that I came up with this technique while working on the platform.

To be a true 1:1 copy of the previous website I would be converting to ASP.NET MVC, I had to come up with a way to reintroduce the <blink> tag to XHTML. While you are perfectly able to use <blink> it doesn't actually do any blinking in IE8 or Firefox. To show that properly, jQuery comes to the rescue.

The technique is really pretty simple:

  1. Define your element with an arbitrary id or class (i.e.: <div id="#alertheader">)
  2. Style the content accordingly
  3. Use jQuery/javascript to show and hide content on an interval
setInterval(function() {
    jQuery.each(jQuery.browser, function(i) {
        if ($.browser.msie) {
            $('#alertheader').css({ opacity: '0' }).stop().animate({ opacity: '1' }, "fast", "swing");
        }
        if ($.browser.mozilla) {
            $('#alertheader').stop().animate({ opacity: '1' }, "fast", "swing");
        }
    });
}, 600);

You should hopefully notice the caveat I ran into immediately. IE and Firefox animate their opacity changes differently so it required special handling. An easy exercise for the reader would be to optimize this code to remove the IE/Mozilla check during the setInterval call.

You can achieve similar results by using a series of .fadeOut(x).fadeIn(x) calls but I had to make sure the sum of all calls didn't become less than the setInterval "loop" or it would blink wildly. The other problem it introduces is when text "fades" it can often look weird in either browser if you use a relatively fast interval. This became a headache very early on.

While I can't take whole credit for the technique, the primary Stack Overflow problem that got me started can be found here: http://stackoverflow.com/questions/1375646/jquery-animate-opacity-doesnt-work-properly-on-ie. In the post the user Eric states that jQuery should handle the opacity support for you. It does. For some reason to produce output I felt was adequate, no one definition would work across both browsers.

Moving...

February 1, 2010 · 1 min read

I'm still in the process of moving but managed to move the computer + desk. I've moved to a much smaller room but the group of friends is a little more in sync compared to the other living arrangement. I still need to share living with other people which tends to suck in certain directions.

I'll reiterate the obvious: moving sucks. I'm sore. I haven't slept much but I'm thankfully about 80% done. Cleanup is going to suck and thankfully I can take trash to where I am now then dump it at work periodically where they have a bigger trash collector.

The only costs so far have been time and gas money, with a large help from my fiancee Miranda.

I was living with someone who has easily gotten by without the internet for a week. Myself? Not so much. I enjoyed "time off" but as a visual learner that needs to see things in front of him, it became incredibly difficult to walk anyone through anything internet related. I made it a point to be very much a part of a plugged-in culture and that showed how dependent others were on my involvement.

I think most of all at the moment I miss my bed and the ability to just do something on the computer then pass out. I should take the opportunity to break the habit as much as possible though.