Quick bypass /private in S60 3rd.ed for Flash Lite

In my latest S60 3rd.ed experimentations, I found that Flash Lite developers having security related issues for /private folder when creating custom launchers and SIS for distribution.

If you don’t want to protect your SWF application and its data as on 2nd Edition devices, you can simply install your SWF(s) and related txt/xml files in any folder on the root, while your launcher .exe is installed in /sys/bin folder.

For example you can install your SWF in /MySWFApp/

According to 3rd.ed SDK docs:

The file system has the following structure:

  • /sys/
  • The /sys folder is the restricted system area and is inaccessible to non-TCB programs (TCB capability is required to modify the /sys contents but AllFiles capability is enough to read /sys (file browser, diagnostics tools)). The /sys folder contains a subdirectory /sys/bin/ that holds all executables (EXEs, DLLs, etc.). Because it is a flat directory, all EXE files, DLLs, etc. must have a different name. The OS will refuse to run code placed in any other location.
  • /private/
  • Non-TCB programs have their own restricted view on the file system consisting of the directory sub-tree /private/<SID>/, where SID is a unique security identifier (SID), taken from the program’s UID. Applications, for example, would use their sub-tree to hold .ini, .mbm, .rsc, and data files. Other processes need AllFiles capability to be able to access the directory.
  • /resource/
  • This directory is public, but is read-only for non-TCB processes. The purpose is to allow read-only files to be publicly shared without compromising their integrity. Applications without any capabilities can read these files.
  • Tcb capability is required to modify the resource contents. Software installer adds and updates these files, but not anything else. Subdirectories can be utilized to ensure file name uniqueness.

These protected directories are located on either fixed or removable drives. All the other (previously used) directories are unprotected, so it is not safe to leave any sensitive data in them.

hope it helps.

// chall3ng3r //

3 thoughts on “Quick bypass /private in S60 3rd.ed for Flash Lite”

  1. Pingback: biskero.org
  2. @Symbian: /private folder is also created in memcard if application is installed in memcard. it stores private resources for application which other applications cannot access in Symbian OS.

    however, if you connect your memcard via card reader, it will show all the contents of the card, including /sys/bin folder which is not accessable from Symbian OS until developer gets All Files capability. which is not easy to get :/

    // chall3ng3r //

Leave a Reply to chall3ng3r Cancel reply