Archive | Security RSS for this section

Query the capabilities of a DLL/EXE (Symbian OS)

During the development of Symbian OS application platform security can be problematic. Debugging platform security issues in Symbian OS can be time consuming. Therefore keep in mind the basic rules for platform security:

  • Rule 1: If a process gets created it will run with the capability set as specified in the .MMP file of the executable.
  • Rule 2: If a process loads a DLL this DLL needs to be trusted with the same set or a larger set of capabilities.

For a DLL capabilities are a level of trust and this level of trust (the set of capabilities) is specified in the MMP file. For a EXE capabilities indicate what a process can do (which APIs it is entitled to use).

Mostly an executable links against static interface DLLs (using the LIBRARY keyword in the MMP file). If the executable uses static interface DLLs the code for these DLLs is loaded into the process directly at startup. The file loader loads the code for the EXE and associated DLLs. Simultaneously it checks whether the EXE and set of DLLs complies with the platform security rules. If only one of the DLLs in the LIBRARYs list violates against rule 2, the process will not start.

A common symptom for this is, if you click on an application icon in the shell of the phone, the application does not start. The icon only shortly blinks and then nothing happens anymore.  As a developer, if this symptom shows, you should immediately think “most likely this is a platform security problem”.

Turn to the Series 60 emulator – turn platform security off in the menu – run the application (A) – then try to run the application with platform security enabled in the emulator (B). If the application runs in situation (A), but not in situation (B) it is confirmed that there is a platform security problem.

Now look into the file epocwind.out to find out which capabilities are missing. The file epocwind.out can be found in c:\Documents and Settings\<your username>\Local Settings\Temp (make sure Windows Explorer shows hidden directory – select on “Show hidden files and folders” under Tools | Options | tab View). Search for the text “*PlatSec*”.

For example:

147.680    *PlatSec* ERROR – Capability check failed – Can’t load sample_0x20030359.exe because it links to slogtool.dll which has the following capabilities missing: ReadDeviceData WriteDeviceData NetworkServices ReadUserData WriteUserData Location.

This gives you the information to add the capabilities “ReadDeviceData WriteDeviceData NetworkServices ReadUserData WriteUserData Location” into the MMP file of slogtool.dll to fix the platform security problem. Rule 2 has been violated here. The sample.exe links against slogtool.dll. Sample.exe has capabilities “ReadDeviceData WriteDeviceData NetworkServices ReadUserData WriteUserData Location”, but slogtool.dll has not. The slogtool.dll has less capabilities as the loading process (EXE). Therefore the process can not be started.

Correct the situation in the MMP file of slogtool.dll and compile again for the device (do not forget to re-run bldmake bldfiles) and try to run the application again on the device.

If you are unsure about the capability set for a EXE or DLL then ELFTRAN is a handy tool which comes pre-installed with your Series 60 SDK to query the capability set of a DLL or EXE. See below for examples of the commands. Note that ELFTRAN will only work for DLL/EXEs which have been compiled for the device (armv5 or gcce) and can list the capabilities for DLL/EXEs which have been compiled for the emulator (winscw).

Query the caps of an executable:

elftran -dump s <filename of executable or dll>

Query the dependencies of an executable:

elftran -dump i <arm executable>

Show the exports of a DLL:

elftran -dump e <arm executable>

Note:

petran should be used only for Symbian OS versions before 9.1

If you need more information or expertise on platform security for Symbian OS consult the training page of Inmote or drop me an email at rene@inmote.com.

Transmit files through voice calls (Data Over Voice – DoV)

In some (less developed) countries the majority of mobile phone users do not yet have access to GPRS. For instance India and Africa.

However, it occurred to me it will be possible to write an application on Series 60 to transmit files using audio FSK through the normal voice channel of the phone. This may be a very interesting technology option for certain type of use cases. This would remove the requirement for the user to have a GPRS subscription. Only requirement for the user would be to have a voice subscription and software installed for decoding and encoding the audio FSK stream.

File exchange would be possible between mobile phones (P2P) or between a desktop computer/webserver with modem and a mobile phone. Optionally this data stream can be encrypted for security.

On CeBIT 2009 there were a lot of suppliers for Crypto GSM solutions. However, I did not see any supplier for a solution which only uses the voice channel. All suppliers also focused on voice encryption. No suppliers had any focus on file sharing which could be equally important, I guess.