Sunday, October 28, 2007

Symbian Dissected

The greatest and most unassailable software fortress has been broken. I am talking about Symbian's Platform Security. This has come as a shock to everyone. The impregnable platform is no longer safe, and this has amazed all veterans of Symbian OS. It has opened the doors and paved the way for third-party software to easily access the system files that Symbian never wanted exposed.

As a Symbian developer I never thought Symbian Platform Security could be broken!! Well, it has already been done, according to this post at http://symbaali.info/. He even has a post titled:

"Goodbye S60 Platform Security, Hello CAPABILITIES!"

Symbian was boasting about their platform security. This came as a slap in the face. In fact, Symbian would be in a state of shock now, since the hack was fuelled by Nokia's firmware update tool, NSU.
This person was able to intercept the firmware downloaded by NSU, make some modifications, and then flash it onto the device. Voila!! You have a device that grants full access to the Symbian file system.

He refers to using a simple "SWIPOLICY.INI" file, which is the Software Installation Policy. Its description can be found in the Symbian developer library and is well documented. According to the document:

When installing native Symbian OS packages (.SIS files) onto a device, the code performing the installation (the Software Installer, sometimes referred to as SWI) first reads the settings in a policy file in ROM (swipolicy.ini) to determine how the installation should proceed. Swipolicy.ini is configured by a device manufacturer prior to device shipping.

This document describes the contents of that policy file and the effect the settings have upon software installation. Swipolicy.ini is not divided into sections and parameters can occur in any order. This document applies to Symbian OS v9.x and onwards.

On a phone, swipolicy.ini is located in z:\system\data\. On the emulator, this corresponds to \epoc32\release\platform\build\z\system\data\.

Finally, after flashing the modified firmware, this file dictates how the SWI (the software installer, which is responsible for every installation that happens on the phone) behaves.

Below is a screenshot of the file location after flashing:

The contents of an unaltered firmware's swipolicy.ini are as follows:

AllowUnsigned = false
MandatePolicies = false
MandateCodeSigningExtension = false
Oid = 1.2.3.4.5.6
Oid = 2.3.4.5.6.7
DRMEnabled = true
DRMIntent = 3
OcspMandatory = false
OcspEnabled = true
AllowGrantUserCapabilities = true
AllowOrphanedOverwrite = true
UserCapabilities = NetworkServices LocalServices ReadUserData WriteUserData UserEnvironment
AllowPackagePropagate = true
SISCompatibleIfNoTargetDevices = false
RunWaitTimeoutSeconds = 600
AllowRunOnInstallUninstall = false
DeletePreinstalledFilesOnUninstall = true
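Because the whole attack rests on a policy file that differs from the one the manufacturer shipped, the useful defensive check is to parse swipolicy.ini and diff it against the known-good copy. The following is an added example, not code from the original post or from Symbian; it implements the format as the developer library describes it above (no sections, "Key = Value" lines in any order, keys such as Oid that may repeat) and uses the unaltered contents listed above as the baseline. Treating lines beginning with '#' or ';' as comments, and comparing boolean values case-insensitively, are assumptions of this checker rather than documented SWI behaviour.

```python
"""Parse a Symbian swipolicy.ini and audit it against a known-good baseline."""
from typing import Dict, List, Set

# Baseline: the unaltered-firmware swipolicy.ini quoted in the post.
BASELINE_TEXT = """\
AllowUnsigned = false
MandatePolicies = false
MandateCodeSigningExtension = false
Oid = 1.2.3.4.5.6
Oid = 2.3.4.5.6.7
DRMEnabled = true
DRMIntent = 3
OcspMandatory = false
OcspEnabled = true
AllowGrantUserCapabilities = true
AllowOrphanedOverwrite = true
UserCapabilities = NetworkServices LocalServices ReadUserData WriteUserData UserEnvironment
AllowPackagePropagate = true
SISCompatibleIfNoTargetDevices = false
RunWaitTimeoutSeconds = 600
AllowRunOnInstallUninstall = false
DeletePreinstalledFilesOnUninstall = true
"""


def parse_swipolicy(text: str) -> Dict[str, List[str]]:
    """Parse 'Key = Value' lines into {key: [value, ...]}.

    The format has no sections and parameters may occur in any order; some
    keys (Oid here) legitimately repeat, so every key maps to a list of values
    in file order. Skipping blank lines and '#'/';' comment lines is an
    assumption of this checker, not documented SWI behaviour.
    """
    policy: Dict[str, List[str]] = {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if "=" not in line:
            raise ValueError(f"line {lineno}: expected 'Key = Value', got {raw!r}")
        key, value = (part.strip() for part in line.split("=", 1))
        policy.setdefault(key, []).append(value)
    return policy


def as_bool(policy: Dict[str, List[str]], key: str, default: bool = False) -> bool:
    """Read a boolean parameter; last occurrence wins, case-insensitive (assumption)."""
    values = policy.get(key)
    if not values:
        return default
    return values[-1].lower() == "true"


def user_capabilities(policy: Dict[str, List[str]]) -> Set[str]:
    """Union of all whitespace-separated UserCapabilities entries."""
    caps: Set[str] = set()
    for value in policy.get("UserCapabilities", []):
        caps.update(value.split())
    return caps


def audit_swipolicy(candidate_text: str, baseline_text: str = BASELINE_TEXT) -> List[str]:
    """Return one finding per deviation of the candidate from the baseline.

    An empty list means the candidate is equivalent to the shipped policy.
    Every deviation is reported, because a policy file that differs from the
    manufacturer's copy is exactly the artefact described in the post.
    """
    candidate = parse_swipolicy(candidate_text)
    baseline = parse_swipolicy(baseline_text)
    findings: List[str] = []

    for key in sorted(set(baseline) | set(candidate)):
        if key == "UserCapabilities":
            continue  # compared as a set below, so repeated entries merge
        if key not in candidate:
            findings.append(f"{key}: missing from candidate")
        elif key not in baseline:
            findings.append(f"{key}: not present in baseline")
        elif candidate[key] != baseline[key]:
            findings.append(f"{key}: {baseline[key]} -> {candidate[key]}")

    # Capabilities the user may grant at install time are the most
    # security-relevant setting, so report additions and removals separately.
    base_caps, cand_caps = user_capabilities(baseline), user_capabilities(candidate)
    if cand_caps - base_caps:
        findings.append(f"UserCapabilities: extra grants {sorted(cand_caps - base_caps)}")
    if base_caps - cand_caps:
        findings.append(f"UserCapabilities: removed {sorted(base_caps - cand_caps)}")
    return findings


if __name__ == "__main__":
    # Constructed sample: the baseline with AllowUnsigned flipped and an
    # extra, made-up capability name appended (ExampleExtraCap is not real).
    tampered = BASELINE_TEXT.replace("AllowUnsigned = false", "AllowUnsigned = true")
    tampered += "UserCapabilities = ExampleExtraCap\n"
    for finding in audit_swipolicy(tampered):
        print(finding)
```

Run against a policy file pulled from an image or a device, the audit lists each parameter whose value moved away from the shipped configuration; an empty result is the expected state for an untouched firmware.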

The hack is simple and straightforward, though it may not be that simple for everyone to execute. But the point is that even such security can be broken!!
This has been confirmed by Forum Nokia Champions like antonypranata.

Now it is all left to Symbian and Nokia to battle it out, and the next few weeks will be very interesting.

The hack isn't just about granting full access to third-party applications; it is much more severe. Let's wait and see what the giants have to say about this. Symbian and Nokia, I think, have never been challenged to these heights. Well, it's a wake-up call to all the big corporations.
