How to get rid of annoying security prompts?
Previous  Top  Next

 
 
   Harmfull midlet can inflict damage by using phone's filesystem. According to MIDP2.0 security model, phone allows full filesystem access only for signed midlets. If midlet is not signed, different phones show different behaviour.  
     
   Siemens phones show security prompts. User has possibility to answer "For session" to allow full filesystem access until midlet is closed.  
 
   Nokia and SonyErricsson show a lot of security prompts. User has no possibility to answer "Allow always", and has to answer "Allow" a lot of times.  
 
   Motorola phones completely disable filesystem access for not signed midlets.  
     
   From author: to sign midlet, I have to buy certificates from Siemens, Motorola and Verysign. I am not going to do it, because ReadManiac is a freeware application. At the same time, for example, Verysign certificate costs $400 per year.  
   The second problem is that private key should distributed inside Wizard application to allow it to sign midlets. This will give hackers possibility to rip private key, which is absolutely not suitable.  
 
   If you really need filesystem access from midlet, there are several methods to allow it for unsigned midlets. After all, you are the owner of a phone and have right to decide what midlets to trust.  
 
   WARNING! Following instructions include manipulations with phone's system files. Author will not be responsible for any damage, arrising during usage of this information. In any case, you always have possibility to use ReadManiac LITE, or ReadManiac FULL without filesystem access.  
 
 
 
   Siemens series 55
 
   At present time I do not know any method for these phones. Maybe series 65 method will work.  
     
 
 
   Siemens series 65-75
 
·create fake root cetificate;  
·create fake midlet certificate. This certificate is validated by fake root certificate;  
·sign midlet with fake certificate;  
·upload fake root certificate to the phone.        
 
   This method has been invented by Chaos. All operations can be created with his utility MidletSigner2.     
     


   Nokia phones

 
   Create fake certificate, sing midlet with it, and upload this certificate to the phone. Nokia does not strictly follow security scheme, and does not validate midlet certificate by any root certificate. It is sufficient to upload midlet certificate to phone's certificate store.  
 
   After midlet installation, please enter applications menu and set option "Application Access -> Phone Access -> Read User Data" to "Allow always".  
     
   Full description can be found here:  
 
   http://www.spindriftpages.net/pebble/dave/2005/06/20/1119275880301.html  
 
 

   SonyErricsson phones
 
·create fake root cetificate;  
·create fake midlet certificate. This certificate is validated by fake root certificate;  
·sign midlet with fake certificate;  
·upload fake root certificate to the phone.        
     
   Root certificate can be uploaded to the phone with DaVinci application. Detailed description can be found here:  
 
   http://mobile-review.com/forum/showthread.php?t=28054.  
 
 
 
   Motorola phones
 
   Detailed description can be found in the following topics:  
     
   Filesystem access on phones with Motorola FileAccess API support  
   Filesystem access on Motorola phones with JSR-75 API support  
 


 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Rambler's Top100