StayUnlock at your peril


18 months ago, I created a hack utility called Stayunlock, to overcome the security policy enforced by my company, which requires me to use device lock, and disable the ability to turn off the device lock option.

18 months later, I was forced to use device lock on my smartphone because the utility doesn’t work on smartphone platform, and I was too lazy to port it over.

Many weeks back, after I lost my Treo 500v through a theft, I suddenly appreciate the value of security policy. We always take thing for granted until the day the unexpected hit us.

Just yesterday, I ported the hack utility to the WM5/6 smartphone platform, since there has been some requests on the net asking for it. Even though I have the hack utility running now, I have yet to turn off the device lock feature. In fact, I have stepped up the security further by using a more sophiscated passcode. Such is a ‘success’ story of a change management.

sshot000.jpg

sshot001.jpg

You can download the smartphone edition from this link StayUnlock (Smartphone Edition).

51 thoughts on “StayUnlock at your peril

  1. at this point, it appears that WM6.0 professional edition will not work, but WM6.0 smartphone/standard edition should since I just ported it over. I need to do some data logging before fixing the problem for WM6.0 professional, as I just found out that the power management in WM6.0 seems to have messed up with the utility…

  2. DBlocker says:

    My Samsung i760 is currently running WM6.0 Professional and Stay Unlock works fantastic on it. Could just be the power settings I have aren’t messing it up?

  3. Hi DBLocker, thanks for your note. If you can confirm that your phone remains unlocked after a day, that will help me to confirm the possible cause of bug.

  4. Dr. D. says:

    Hi Zen, here’s more information on my experience with a Mogul running WM6 Pro, to help with your diagnosis. I’m pretty sure my phone would stay unlocked if I wanted to disable locking completely, because the “1023” registry value stays at 1. However, I only want to change my system’s default 30-minute timeout to 6 hours.

    Once per day, I get notification that the Exchange policy has been enforced. When I check the registry, the timeout value has been changed back to 30 minutes in HKLM\Comm\Security\LASSD\AE\{50C13377-C66D-400C-889E-C316FC4AB374}. Can you keep that registry value from being overwritten, or restore its value to the previous setting after a policy enforcement?

    Thanks again for your help, and for a great tool!

  5. DBlocker says:

    I have my Lock setting to “Prompt if device is unused for 24 hours”. As I never go that long without using my device I only have to enter my PIN on soft resets or when installing a new application. I occasionally get the notification that the Exchange policy has been enforced (maybe once every couple weeks) but Stay Unlock continues to work so it must be setting the registry values back to the 24 hours setting. Anything else you need just let me know!

  6. Dr. D. says:

    Hi, slight correction to my previous post… The registry timeout value that gets reset by the Exchange policy is

    HKLM\Comm\Security\Policy\LASSD\AE\{50C13377-C66D-400C-889E-C316FC4AB374}

    (I had left out “Policy”.) Thanks again.

  7. Brandon says:

    I’m running WM6.1 on a Mogul and the app doesn’t seem to work at all. I’m not sure if WM6 Pro is the same as WM6.1 or what but I guess I just need clarification as to whether I’ve done something wrong or if it’s just not yet compatible.

    Thanks!

  8. I finally did abit of data logging to trace what could be potentially a problem, but I have found nothing so far.

    first of all, you have to make sure that you have soft-reset after you installed (I assume all of you would have done it if you don’t find it working, 😉 but just incase)

    next, the software is meant to disable the security policy, but it doesn’t change the timeout value (which is always overwritten during the policy enforcement) nor disable unlock by default (you have to do it manually the first time).

    Dr. D and DBLocker, your problem is about the timeout not being ‘restored’ to your preferred value, that’s something I can do but it will probably take a weekend at least for me to effect the change.

  9. Marco says:

    I am using the programme now for 4 weeks on a HTC Touch with Windows Mobile 6 without any problem! Zen thanks for making it, it is one of the most useful programmes.

  10. I used your utility for some time on my old WM6 Pro device and it was working just excellent.

    A few weeks ago I upgraded to HTC Touch Diamond with WM6.1 Pro and are now experiencing the same problem as everyone else, that the check-box to dissable lock is still greyed out (even if I change the registry-value manually).

    It seems that my only solution for now is to set
    HKLM\Comm\Security\Policy\LASSD\AE\{50C13377-C66D-400C-889E-C316FC4AB374}\AEFrequencyType: 0
    So it only locks if going unused for 24 hours.
    Would it be possible to just get this key-change incorporated into a version of StayUnlock?

    Good work though Zen!

  11. jgvg says:

    hi

    I just download it aand test it for some hours and works great!!!

    Thanks a lot!! Now i can use my 8525 with TOM TOM without unlocking every 15 minutes!!!

  12. I just spent some time analysing the LASS related registry keys. Would be incorporating the functionality where you want to stay locked (rather than stay unlock altogether), but with a preferred time out value.

    However, it seems that WM6.1 phone has a different problem altogether.

    Cactuz, can you confirm that you do want to uncheck the checkbox “Prompt if device unused for”, but are not able to even with the policy \hklm\policies\policies\1023 set to 1? I doubt this is the case, but I need you to confirm.

  13. Jared says:

    My issue is my exchange server has suddenly ramped up it’s interval of setting this to every hour rather than once a day.

    if I do not respond to the stay unlock message saying it has restored the settings and another server reset comes through, it essentially does not prevent the lockdown.

    Is there a version of this or a way I can have it run and not prompt me at all to tell me it’s done it?

  14. Jared says:

    a bit more info

    I’m having to use the smartphone version as the original version I used in Wm5 on my 8525 did not work when it got upgraded to wm6. I’m wondering if there is/was a fixed version for the full WM6 platform as well

  15. Richard Solomon says:

    I’ve been using the original non-smartphone version on an AT&T Tilt with both the original shipped and 1.62 upgraded WM6.0 ROMs. My only wish there was for an option to NOT pop the box saying policy had been enforced – OR to at least self-close that box after some short timeout. (Regardless it would be nice to have no sound play!)

    Sadly when a co-worker and I upgraded to the new 3.57 version WM6.1 ROM we see the following behavior – when the policy is enforced, a full-screen empty white box shows up and ActiveSync gets disconnected.

    We’re now trying your SmartPhone version from this link to see if it behaves any better. Note that the original version DID successfully prevent the relock policy but it’s not clear whether ActiveSync would reset itself without manual intervention.

    Please add us to the list of folks willing to donate for a WM6.1 version, especially if it could be had with auto-clearing and silent dialog boxes 😉

    Thanks,
    Richard

  16. Richard Solomon says:

    Ok, so I blamed too soon…. Some further experimentation with hard-reset, and a bunch of googling actually pins the white screen ActiveSync problem on Exchange 2007: http://forums.microsoft.com/windowsmobile/showpost.aspx?postid=3599682&siteid=65

    StayUnlock just *appears* to be the culprit. I’ll continue experimenting to see if the policy remains managed by StayUnlock under WM6.1 – it’s a bit tougher with this activesync mess going on though.

    Richard

  17. Hi Richard,

    please do test and let me know your observation/findings. I have never encountered the ‘white’ screen, and not sure if this is pertaining to WM6.1. I will be getting HTC Touch pro which comes with WM6.1 PRO (not standard though) to see if there’s any commonality in our findings.

    So far I gather the feedbacks plus my own experiement

    1. Stay unlock remains working for both smartphone and professional/ppc phone versional
    2. Stay unlock works in term of enabling you disable idle timeout lock, where the checkbox “prompt if device unused for” is enabled.

    Stay unlock will not work (and this is by design) if

    1. you want to set a idle time out value that’s more than what the policy enforces. E.g. if your exchange server enforces maximum 5 minutes of idle time, but you want 1 hour.

    Stay unlock also have a problem in the smartphone edition, where if the exchange server enforce policy frequently, Stay Unlock will not work if the dialog box of previous action is not closed.

    Still trying to find time to make all these changes/fixes.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s