Educational - FROYO Bypass Exchange Server Policy

raidzero

n00b.
Premium Member
Developer
Theme Developer
Joined
Apr 15, 2010
Messages
1,054
Reaction score
3
First - I take no responsibility if your phone is stolen and all your company secrets get stolen. I have edited the Email.apk to not do anything when asked to set a policy. You will need root to use this, and it only works on Froyo. This was made from the Sapphire email apk.

How?

I decompiled the apk with apktool. I then looked onlien and found the source code for the email app. Within that I found the securitypolicy.java file. I opened it up and compared it to the SecurityPolicy.smali file that apktool made for me.

I found the code in smali and simply changed one "True" to "False", or 1 to 0 (line 151 in java, or 523 in smali). I then rebuilt the apk and lo and behold, no security policy.

Note - I only did this because my exchange policy does not work on Froyo, I am fine with having a policy I just wanted email to work at all, and touchdown basically sucked.

Thanks go to cvpcs, sniffle, and rotordroid for the tips. :-D

I LOVE OPEN SOURCE

JAVA excerpt:
Code:
127        boolean policiesFound = false;
128
129   int minPasswordLength = Integer.MIN_VALUE;
130       int passwordMode = Integer.MIN_VALUE;
131        int maxPasswordFails = Integer.MAX_VALUE;
132        int maxScreenLockTime = Integer.MAX_VALUE;
133       boolean requireRemoteWipe = false;
134
135        Cursor c = mContext.getContentResolver().query(Account.CONTENT_URI,
136               ACCOUNT_SECURITY_PROJECTION, WHERE_ACCOUNT_SECURITY_NONZERO, null, null);
137        try {
138           while (c.moveToNext()) {
139                int flags = c.getInt(ACCOUNT_SECURITY_COLUMN_FLAGS);
140                if (flags != 0) {
141                   PolicySet p = new PolicySet(flags);
142                    minPasswordLength = Math.max(p.mMinPasswordLength, minPasswordLength);
143                    passwordMode  = Math.max(p.mPasswordMode, passwordMode);
144                    if (p.mMaxPasswordFails > 0) {
145                        maxPasswordFails = Math.min(p.mMaxPasswordFails, maxPasswordFails);
146                    }
147                    if (p.mMaxScreenLockTime > 0) {
148                        maxScreenLockTime = Math.min(p.mMaxScreenLockTime, maxScreenLockTime);
149                    }
150                    requireRemoteWipe |= p.mRequireRemoteWipe;
151                    policiesFound = true; //*CHANGE TO FALSE IN SMALI
152                }
153            }
SMALI excerpt:
Code:
520    or-int/2addr v5, v0
521
522    .line 151
523    const/4 v13, 0x0 //*WAS 0x1
524
525    goto :goto_0
 
Last edited:

The_Hellion

New Member
Joined
Aug 17, 2010
Messages
2
Reaction score
0
I'm looking for some guidance on this install. My boss is trying to do it on his Motorola Droid, but after he starts the install he gets an error message regarding an invalid signature. Any idea what he's doing wrong?
 

awakefie

New Member
Joined
Jan 4, 2010
Messages
4
Reaction score
0
Stops Working After Reboot

This was working for me until I rebooted by phone. After the reboot it made me set up the pin again.

I'm running a Moto Droid with Cyanogen 6 RC3

Let me know if anyone has any ideas.
 

WillRunForBeer

New Member
Joined
Nov 12, 2009
Messages
12
Reaction score
0
Improved email works for me. Is there any down side to use it?

Also, is there a way to say, only prompt for pin if 30 minutes goes by, or will I always be prompted for pin every time I turn on device.

What if I unclick Improved Email as a device administrator? Will the application stop working completely?
 

nanutik

New Member
Joined
Jan 16, 2012
Messages
2
Reaction score
0
Java files?

Hello!
I've unpacked the LotusTraveler.apk and now looking into the files however cannot find the ones mentioned by you. There are also no any .java files, there are mostly smali and xml files.
Could you please help me to find a correct smali to edit and to remove the screenlock check? Thanks a lot!!!
 

Hiker5208

Member
Joined
Mar 29, 2010
Messages
122
Reaction score
0
There is an app out on the Android and the Amazon market called Enhanced email that is set up to provide this functionality and bypass security. I have an exchange server that my wife and I use and it has worked well with Exchange 2010 with skipping the security stuff. The author works full time at it and does a good job providing support. It does cost 9.99, but does the job well and supports multiple exchange accounts which Touchdown does not do. It is worth a try, they have a 7 day trial at their site, Enhanced Email • Index page .
 

nanutik

New Member
Joined
Jan 16, 2012
Messages
2
Reaction score
0
There is an app out on the Android and the Amazon market called Enhanced email that is set up to provide this functionality and bypass security. I have an exchange server that my wife and I use and it has worked well with Exchange 2010 with skipping the security stuff. The author works full time at it and does a good job providing support. It does cost 9.99, but does the job well and supports multiple exchange accounts which Touchdown does not do. It is worth a try, they have a 7 day trial at their site, Enhanced Email • Index page .

The lock is not on an exchange server here but is set in the program itself.... So, I need to modify it somehow in the root of the program
 
Top