maemo.org - Talk - Announcing INCEPTION: Deeper access to your N9 [0.1.1]

maemo.org - Talk (https://talk.maemo.org/index.php)

- MeeGo / Harmattan (https://talk.maemo.org/forumdisplay.php?f=45)

- - Announcing INCEPTION: Deeper access to your N9 [0.1.1] (https://talk.maemo.org/showthread.php?t=82835)

Announcing INCEPTION: Deeper access to your N9 [0.1.1]

INCEPTION 0.2 has been released! Visit the new thread for more information.

I N C E P T I O N
Your phone is the scene of the hack
Interim Release 0.1.1

The Nokia N9 is an amazing piece of hardware running an amazing mobile OS. However, advanced users have often been frustrated by its sometimes-limiting Aegis security system. Aegis, like many other security frameworks, blocks many legitimate tasks beyond truly dangerous activity, and makes it difficult to customize your N9 to run on your terms.

This problem is one of the past: INCEPTION allows you to assume direct control and liberate your Nokia N9's full potential.

INCEPTION is:

Easy. INCEPTION allows you to open up your N9 in less than five minutes, with no need for a PC.
Safe. INCEPTION makes no major changes to your N9 on its own - it merely unlocks the door so that you can use your own discretion. INCEPTION can be uninstalled at any time with no side effects.
Effective. With INCEPTION, the only limits on what you can do with your N9 are your own. INCEPTION turns the N9 into what could be the most powerful and open handheld device on the market.

INCEPTION doesn't disable or remove Aegis by itself - it just puts you in the driver's seat.

The success of this project relies on building a community of users with access to such packages, so please spread the word and help make sure no N9 user is left in the dark.

The INCEPTION website provides comprehensive information on capabilities, risks, and instructions for getting started.

Instructions and download: Official site
Chat about INCEPTION: #inception on Freenode

Note: The developer mode update released on 2012-04-16 prevents the previous version of INCEPTION, 0.1, from being enabled. If you have installed the recent updates, make sure to use INCEPTION 0.1.1 in order to become incepted.

If INCEPTION has improved your N9 experience, a small donation would be greatly appreciated - scroll to the end of the official site

Re: Announcing INCEPTION: Deeper access to your N9

With great power comes great responsibility.

Does this mean that developers will be able to make use of inception to produce apps with deeper access?

Re: Announcing INCEPTION: Deeper access to your N9

WHOOO!! This is great. Now we just need to wait, what all developers and hackers can made from this :D

Re: Announcing INCEPTION: Deeper access to your N9

Quote:

Originally Posted by SamGan (Post 1175022)

With great power comes great responsibility.

Does this mean that developers will be able to make use of inception to produce apps with deeper access?

That's exactly what INCEPTION is all about. It allows developers to build, and users to install, apps and mods that take advantage of the full spectrum of access to the N9. All privileges are now within reach.

Re: Announcing INCEPTION: Deeper access to your N9

Ohhh this is very welcome! But.. how does it work? I don't mean the user manual, that's clear enough, but how can it work? What technique is employed? There's some signing going on in the source code, but how can that work if you don't have Nokia's keys?

Re: Announcing INCEPTION: Deeper access to your N9

thanks, fully working, opensh now have all maemo caps.

Re: Announcing INCEPTION: Deeper access to your N9

Code:

~ $ opensh





BusyBox v1.20.0.git (MeeGo 3:1.20-0.1+0m7) built-in shell (ash)

Enter 'help' for a list of built-in commands.



/home/user # accli -I

Current mode: normal

IMEI: 357923040175103

Credentials:

        UID::root

        GID::root

        CAP::chown

        CAP::dac_override

        CAP::dac_read_search

        CAP::fowner

        CAP::fsetid

        CAP::kill

        CAP::setgid

        CAP::setuid

        CAP::linux_immutable

        CAP::net_bind_service

        CAP::net_broadcast

        CAP::net_admin

        CAP::net_raw

        CAP::ipc_lock

        CAP::ipc_owner

        CAP::sys_module

        CAP::sys_rawio

        CAP::sys_chroot

        CAP::sys_ptrace

        CAP::sys_pacct

        CAP::sys_admin

        CAP::sys_boot

        CAP::sys_nice

        CAP::sys_resource

        CAP::sys_time

        CAP::sys_tty_config

        CAP::mknod

        CAP::lease

        CAP::audit_write

        CAP::audit_control

        CAP::setfcap

        CAP::mac_override

        CAP::mac_admin

        GRP::root

        GRP::daemon

        GRP::bin

        GRP::sys

        GRP::adm

        GRP::tty

        GRP::disk

        GRP::lp

        GRP::mail

        GRP::news

        GRP::uucp

        GRP::man

        GRP::proxy

        GRP::kmem

        GRP::dialout

        GRP::fax

        GRP::voice

        GRP::cdrom

        GRP::floppy

        GRP::tape

        GRP::sudo

        GRP::audio

        GRP::dip

        GRP::www-data

        GRP::backup

        GRP::operator

        GRP::list

        GRP::irc

        GRP::src

        GRP::gnats

        GRP::shadow

        GRP::utmp

        GRP::video

        GRP::sasl

        GRP::plugdev

        GRP::staff

        GRP::games

        GRP::libuuid

        GRP::pulse

        GRP::pulse-access

        GRP::pulse-rt

        GRP::cal

        GRP::users

        GRP::input

        GRP::i2c

        GRP::adc

        GRP::upstart

        GRP::crypto

        GRP::metadata-users

        GRP::phonet

        GRP::signon

        GRP::csd

        GRP::messagebus

        GRP::gallerycoredata-users

        GRP::acm

        GRP::osa

        GRP::calendar

        GRP::libaccounts-noa

        GRP::lpm

        GRP::visualreminder

        GRP::nfc

        GRP::location

        GRP::slpgwd

        GRP::haldaemon

        GRP::powerdev

        GRP::developer

        GRP::ssh

        GRP::spool

        GRP::nogroup

        tcb

        libbb5-secbins::SEE_CCCWrite

        libbb5-secbins::SEE_DBIWrite

        libbb5-secbins::SEE_HWCWrite

        libbb5-secbins::SEE_NPCWrite

        libbb5-secbins::SEE_SecStorageMaintenance

        libbb5-secbins::SEE_SuperDongleWrite

        libbb5-secbins::SEE_SuperDongleOperation

        libbb5-secbins::SEE_SimLock3Write

        libbb5-secbins::SEE_SimLock3Operation

        libbb5-secbins::SEE_TerminalResponce

        libbb5-secbins::SEE_DeviceLockControl

        aegis-enabler::tcb-sign

        tracker::tracker-extract-access

        tracker::tracker-miner-fs-access

        libaccounts-noa::accesssvt

        package-manager::packagemanager_limited

        package-manager::packagemanager_private

        icd2::icd2-plugin

        Cellular

        TrackerReadAccess

        TrackerWriteAccess

        Location

        FacebookSocial

        dsme::DeviceStateControl

        aegisfs::AegisFSMountAdd

        aegisfs::aegisfs-verify

        signond::keychain-access

        signond::ssoProtectedWriteAccess

        signond::ssoProtectedReadAccess

        telepathy-spirit::telepathy-spirit

        mce::CallStateControl

        mce::DeviceModeControl

        mce::LEDControl

        mce::TKLockControl

        mce::SensorControl

        csd-base::csd-plugin

        usb-moded::usb-moded-dbus-bind

        usb-moded::USBControl

        timed::TimeControl

        timed::TimeBackup

        timed::TimedEventQueueWrite

        bme::BatteryControl

        applauncherd-launcher::access

        libaccounts-glib0::accounts-glib-access

        libaccounts-glib0::t

        libaccounts-glib0::tok

        smartsearch::RelevanceAllContentTypes

        account-plugin-skype::skype-access

        account-plugin-skype::sso-encryption-token

        phonet-at::acm-plugin

        account-plugin-ovi::noaaccess

        account-plugin-ovi::sso-encryption-token

        caldav-plugin::access

        account-plugin-caldav::sso-encryption-token

        account-plugin-caldav::caldav-access

        account-plugin-facebook::sso-encryption-token

        account-plugin-facebook::access-control

        account-plugin-flickr::flickr-access

        account-plugin-google::sso-encryption-token

        account-plugin-google::access-control

        account-plugin-sip::sso-encryption-token

        account-plugin-sip::access-control

        account-plugin-twitter::sso-encryption-token

        account-plugin-twitter::access-control

        account-plugin-youtube::sso-encryption-token

        account-plugin-youtube::access-control

        aegis-certman-common-ca::CertCACommonAdd

        aegis-certman-common-ca::CertCAGlobalCodeSignAdd

        aegis-certman-common-ca::CertCASSLAdd

        aegis-certman-common-ca::CertCAWifiAdd

        aegis-certman-common-ca::CertCASMIMEAdd

        aegis-certman-common-ca::CertCACodeSignAdd

        aegis-certman-common-ca::CertUserSSLUse

        aegis-certman-common-ca::CertUserWifiUse

        aegis-certman-common-ca::CertUserSMIMEUse

        aegis-certman-common-ca::CertCACodeSignUse

        devicelock::ProvisioningSettings_PasswordForceChange

        devicelock::ProvisioningSettings_MinimalDeviceWipeTypeRequired

        devicelock::ProvisioningSettings_RnD_additional_Debug

        devicelock::DeviceLock_SetPassword

        devicelock::DeviceLockServiceOwn

        devicelock::DeviceLockStorageAccess

        devicelock::State_Unlocked

        devicelock::State_Locked

        devicelock::State_WipeMMC

        devicelock::State_Inhibit

        devicelock::DeviceLockControl

        devicelock::SSO_Exchange

        backup-framework::backup

        libaegis-session::aegis-session-data

        clean-device::CUDOrRFS

        xserver-security-policy::record-input

        xserver-security-policy::playback-input

        xserver-security-policy::capture-drawables

        system-ui-screenlock-nokia::ScreenLockEventPublish

        call-ui::call-ui

        nfcd::ui-agent

        nfcd::tool

        duicontrolpanel-certificatesapplet::encryptedDBusMessages

        facebookqml::facebook-token

        mfe-account-ui-plugins::mfe-access

        mfe-account-ui-plugins::sso-encryption-token

        mms-manager::MmsProtectedWriteAccess

        mms-manager::MmsProtectedReadAccess

        mms-manager::MmsWorkerAccess

        libodnp::odnp

        libslpgw::slpgw

        location-ui::location-ui

        messaging-ui::messaging-ui

        ope-service0::OpeWapUtilAccess

        positioningd::LocationControl

        odnp-fpcd::odnp-fpcd

        signon-default-key-extension::key-storage

        signon-ui::signond-access

        telepathy-sasl-signon::sso-encryption-token

        grob::grob-access

        grob::sso-encryption-token

        groovem-account-ui-plugins::groovem-access

        groovem-account-ui-plugins::sso-encryption-token

        omb0::omb-communication

        npe-maemo0::LocationFW

        relevance::RelevanceAllContentTypes

        SRC::com.nokia.maemo/local

        AID::com.nokia.maemo/local.opensh.

        opensh::opensh

Re: Announcing INCEPTION: Deeper access to your N9

Sweet! Now I can feel what it's like to really own my n9! Thank you!

Re: Announcing INCEPTION: Deeper access to your N9

All I can say is wow.

Re: Announcing INCEPTION: Deeper access to your N9

RATS! How come this gets announced AFTER I purchased a Galaxy Nexus...

Re: Announcing INCEPTION: Deeper access to your N9

sorry for my newbishness (coming from Android and still learning stuff) but will this allow kernel mods?

Re: Announcing INCEPTION: Deeper access to your N9

Awesome!! This just put a smile on every Nokia N9 owners face!!:)

Re: Announcing INCEPTION: Deeper access to your N9

Could you describe how it actually works? The fact you mention not upgrading the OS suggests it may be exploiting a security hole? (which is worrying from a "I don't want malicious apps trampling all over everything" POV)

Re: Announcing INCEPTION: Deeper access to your N9

It would be GREAT if somebody could find a way to overclock N9 with this Inception!!

Re: Announcing INCEPTION: Deeper access to your N9

Quote:

Originally Posted by SaQ (Post 1175180)

It would be GREAT if somebody could find a way to overclock N9 with this Inception!!

Pali and freemangondon can do it

Re: Announcing INCEPTION: Deeper access to your N9

What.. How... Where...
Give me instructions, and I shall pay you many gold :D

Re: Announcing INCEPTION: Deeper access to your N9

Do things/apps that normally use Aegis keep working?

(In other words, can I keep Facebook, Gtalk, MfE,...)

Re: Announcing INCEPTION: Deeper access to your N9

Amazing!! with this we can flash custom kernels without having to reflash all the phone, good news no, excelent news!!

Re: Announcing INCEPTION: Deeper access to your N9

Among many applications and software, if Inception opens the doorway for Easy Debian it will be a wonderful advancement!

Re: Announcing INCEPTION: Deeper access to your N9

That's great , now let's wait for overclockers . :D:D:D

Re: Announcing INCEPTION: Deeper access to your N9

Quote:

Originally Posted by -Tyler- (Post 1175238)

Amazing!! with this we can flash custom kernels without having to reflash all the phone, good news no, excelent news!!

It does not allow flashing custom kernels (that always triggers open mode), but it enables you to load custom kernel modules if you use the inception exploit to gain needed privileges. And most likely the hole will be fixed at some point, at least previous exploits were fixed quite quickly.

Re: Announcing INCEPTION: Deeper access to your N9

Quote:

Originally Posted by Dragoss91 (Post 1175258)

That's great , now let's wait for overclockers . :D:D:D

Yes? we can do that know?awesome

People here should open an inception thread

Re: Announcing INCEPTION: Deeper access to your N9

Quote:

Originally Posted by rainisto (Post 1175268)

You mean there will definately be PR1.3 and beyond...

Re: Announcing INCEPTION: Deeper access to your N9

Quote:

Originally Posted by nbedford (Post 1175276)

You mean there will definately be PR1.3 and beyond...

I have no knowledge if there will be any new PR releases, your guess is as good as mine. I just mean that it can be fixed even on PR1.2 if someone just updates a package.

Re: Announcing INCEPTION: Deeper access to your N9

Quote:

Originally Posted by nbedford (Post 1175276)

You mean there will definately be PR1.3 and beyond...

PR1.3 was confirmed a long time ago. I suppose it's possible that they could call it off at the last minute, but all signs indicate it's en route.

Re: Announcing INCEPTION: Deeper access to your N9

Stupid, but very serious question. This is a very welcome thing... does this mean that folks really didn't "own" their machines before Inception? I know how Aegis got in the way of certain things, but this cannot be labeled a "jailbreak" or root, can it?

Re: Announcing INCEPTION: Deeper access to your N9

Currently, you need to flash the open kernel with the phone plugged into a PC. Would the Inception exploit allow on-device kernel flashing?

Re: Announcing INCEPTION: Deeper access to your N9

Can we bend walls with inception?

Re: Announcing INCEPTION: Deeper access to your N9

Inception + Opensh causes a reboot loop. Finnish 64 GB, #059j187
I can still boot the phone with

Code:

sudo flasher --set-rd-flags=no-lifeguard-reset --enable-rd-mode

. Will try and investigate further.

EDIT: Removing inception and opensh did not solve the problem. The phone shows the waves on the Nokia logo, and reboots much further in the boot porcess. Any ideas how I can fix this without a reflash? I can still boot in R&D.

Re: Announcing INCEPTION: Deeper access to your N9

let's hope this will not prevent upcoming firmware upgrade ...

Re: Announcing INCEPTION: Deeper access to your N9

Quote:

Originally Posted by YavkatA (Post 1175320)

Inception + Opensh causes a reboot loop. Finnish 64 GB, #059j187
I can still boot the phone with

Code:

sudo flasher --set-rd-flags=no-lifeguard-reset --enable-rd-mode

I'm pretty sure this has nothing to do with INCEPTION itself and everything to do with the Avahi packages you mentioned in the other thread. As far as I know, those packages are untested and not Harmattanized, and generally shouldn't be used. (Someone else here made more Harmatan-friendly builds, IIRC)

Remember that uninstalling INCEPTION doesn't revert changes you made yourself - it only undoes the adjustment to Aegis.

Re: Announcing INCEPTION: Deeper access to your N9

qole, of course, just need to reconfigure NOLO. i know one man who can do that.

Re: Announcing INCEPTION: Deeper access to your N9

You can't belive how much I have to thank you. At the moment I got some trouble with aegis and thanks to your tool, I know now, that it was NOT a bug in my code nor aegis. ;)

Just in the right moment. Thank you very very much! :)

Re: Announcing INCEPTION: Deeper access to your N9

Nobody explained how it works yet?
I don't really get it but it seems all the interesting stuff is in the .sh files.
It looks like it uses chroot and remounts the filesystems to temporarily gain access to some protected files used by dpkg/aegis when installing. It then patches in a dummy entry at the end of the file that can be used when installing later. Now, someone explain how wrong I am :)

Re: Announcing INCEPTION: Deeper access to your N9

Quote:

Originally Posted by Creamy Goodness (Post 1175424)

yea, it's a security hole exploit. this is as much a demonstration of how aegis is ineffective in its fake-goal {keeping the user safe from external attack} as it is a practical tool for getting around aegis' real-goal {preventing full user control of the device to give nokia&partners the ability to do things not in the user's best interests}.

Re: Announcing INCEPTION: Deeper access to your N9

So, it's like rooting an Android device. Nice. But think I'll wait til I see some good apps that absolutely need this access level

Re: Announcing INCEPTION: Deeper access to your N9

this thing is great!

but as I mentioned in the Nokia & AEGIS open-mode topic, is something like this possible without Aegis?

Re: Announcing INCEPTION: Deeper access to your N9

Quote:

Originally Posted by itsnotabigtruck (Post 1175378)

It's not realated to these packages - the same thing happened after I reflahsed.

EDIT: I will try to incept again with only filebox and meescan installed.

EDIT2: Incept was successful, no reboot loop. Will try to incept opensh now..

EDIT3: Opensh didn't cause a reboot loop either. Is it possible that using a reboot app is what caused the reboot loop?

Re: Announcing INCEPTION: Deeper access to your N9

Quote:

Originally Posted by ja-pc (Post 1175455)

this thing is great!

but as I mentioned in the Nokia & AEGIS open-mode topic, is something like this possible without Aegis?

Well, the Aegis manifest (what my post talked about) is a major reason why Aegis can't simply be ripped out completely - anything that relies on gaining capabilities or switching users/groups through Aegis would break. Also, without Aegis it would be difficult to tell what sort of functionality a given program uses.

Re: Announcing INCEPTION: Deeper access to your N9

Does Inception allows to use chroot ? For example, to run Qole Easy Debian without Harmattan open mode ?