An Australian coder has posted explanations and videos showing a way to access some private, unmanaged dynamic link libraries on his Samsung Windows Phone 7 handset, and the registry and file system. The announcement is sparking widespread speculation that Microsoft's mobile OS will soon be "jailbroken," allowing users to load applications of their choice, outside of those officially approved on Microsoft's Zune Marketplace.
Many observers expect a Windows Phone jailbreak is inevitable, but it apparently won't be as result of this exploit.
The developer, a Windows programmer named Chris Walsh, posted last week that he had found a way for his Windows Phone to use private DLLs on his Samsung phone. The DLLs were created by Samsung, and are unmanaged, meaning they run outside the virtual machine that is required for all third-party WP7 apps and games. Walsh built his exploit on a discovery initially made by a coder with the handle hounsell at XDADevelopers.com.
The significance of Walsh's achievement is open to debate. Long Zheng, a programmer who runs the istartedsomething.com blog, asserts that Walsh "was able to successfully code and deploy a valid WP7 application using the developer sideloading process to a Windows Phone 7 device that inherited the ability to run unmanaged code." Zheng appears to mean that it was Walsh's "app" that inherits this ability.
Walsh himself seems to be minimizing, somewhat, the implications. He doesn't claim to be deploying a native application, and in the blog posts headline he puts the word "native" in quotes, making clear later in the post that it is certain existing DLLs that are unmanaged, and being used by his application. "Sure you're now loading native DLLs, but your application is STILL running as a managed instance, and you are still bound to the normal restrictions from the OS. You will still get tombstoned, killed etc.," he writes in conclusion.
That's because the application itself, according to some observers, remains a managed application relying on Microsoft's Silverlight environment.
Windows Phone 7, like other leading mobile operating systems, requires all applications, including games, to run as "managed code" in a virtual machine (supplied in this case either by the run-time environment from Microsoft's Silverlight or XNA Studio tools). The virtual machine interprets the application's requests and passes them off to the underlying operating system. Microsoft's previous mobile OS, Windows Mobile, allowed native applications, which could directly address the operating system resources.
Technically, Windows Phone 7 is the user interface layer, with some additional innovations and features, built atop the latest, and so far unreleased, version of Microsoft Windows Embedded CE (which is not based on Windows binaries). That version, which will be named Windows Embedded Compact 7, is currently in what Microsoft calls "public Community Technical Preview."
Another blogger says that Walsh's accomplishment is important because he was able to gain "root access" to the underlying OS. Walsh was "able to deploy a WP7 app using the developer sideloading process keeping in mind hounsell's entire idea," says Waisy Babu, a regular blogger at RedmondPie.com. "This gave him root access to the system, which is a must for "jailbroken" apps to be able to run in the future."
But in fact that doesn't appear to be the case, according to two other programmers, both with experience in Windows Phone 7. They say that Walsh has simply gained access to some coding privileges not available to most programmers.
"I wouldn't get too excited," says Andy Wigley, a Microsoft device application development MVP and a principal with a British programming shop, APPA Mundi Ltd, in Birmingham, U.K. "This isn't a jailbreak as far as I can see. Simply, this guy has uncovered the way that privileged app developers (such as the phone manufacturers and network operators) are able to run C++ code on the device to access some bits of the platform that your average code developer can't."
"It's no surprise to me that native code will run on the device," Wigley says. "Underneath it all, the Windows Phone OS is still derived from Windows Embedded Compact Edition, and those of us who used to do Windows Mobile 6.x development have *plenty* of experience of interoperating with native code to do things that weren't possible from the C# libraries."
"What's contained in [Walsh's] blog post is very much an example of a developer accessing a private API," says Windows author and programmer Kevin Hoffman, whose day job is chief systems architect at Oak Leaf Waste Management, East Hartford, Conn. "He's found some 'undocumented' conventions that Samsung used in order to access low-level security APIs not found in the version of the .NET Framework (Silverlight) running on that device. This isn't jailbreaking -- it's just connecting OS-level features ([in this case,] COM-based DLLs) with Silverlight-based apps."
About the only thing everyone agrees on is that any Windows Phone 7 application that tries to use Walsh's technique will never make it through Microsoft's Marketplace certification process, precisely because the app is trying to do something that's forbidden.
It's also not clear that Walsh has gained anything like "root access" (and he apparently has not claimed this), meaning completely unrestricted access to the OS. In any case, Hoffman argues, you don't need root access to jailbreak the phone. In fact, the reverse is the likely scenario.
Jailbreaking is like "sneaking through the door into someone's data center," Hoffman says. "Once inside, there are typically less protections than there are outside, which allows you to then do other things which will ultimately grant you root access or, as in the case of a WP7 phone, perform activities as though you were a system administrator."
Both jailbreaking and root access for Windows Phone 7 are inevitable, Hoffman predicts.
Asked to comment on Walsh's exploit, Microsoft issued the following statement: "We anticipated that people would attempt to unlock the phones and explore the underlying operating system. We encourage people to use their Windows Phone as supplied by the manufacturer to ensure the best possible user experience. Attempting to unlock a device could void the warranty, disable phone functionality, interrupt access to Windows Phone 7 services or render the phone permanently unusable."
John Cox covers wireless networking and mobile computing for Network World.
Blog RSS feed: http://www.networkworld.com/community/blog/2989/feed
Read more about anti-malware in Network World's Anti-malware section.