Using a Hosts File on Windows Mobile

When you are testing and playing around with server solutions you sometimes have the need to control exactly where your requests are going. Maybe the host you’re trying to connect to isn’t registered in your DNS, or maybe you want to access the external IP and not the internal IP your internal DNS resolves to. We’ve all been there, and on our computers we are so happy we can edit our hosts file and take control.

What about Windows Mobile? Sure, we have the same needs here. Maybe even more here sometimes when we’re dealing with SSL certificates and we can’t press “ok” to accept the site that resolves to a different host name than the common name in the certificate. But Windows Mobile does not have a hosts file… Windows Mobile does have the functionality, but it’s buried in the registry. (Really user-friendly.)

It can be found in HKLM\Comm\Tcpip\Hosts. Do the following:
– Add a subkey which is the host name/FQDN.
– Add a Binary value ipaddr containing to hexadecimal notation of the IP address.
– Add a Binary value ExpireTime containing an expiration value. I think this is actually optional, or you can just set it to a large value – say “99 99 99 99 99 99 99”. (As in never expire basically.)

So adding, resolving to would look like this:


Unless you’re really good at hex you’ll probably have to get assistance from calc.exe computing the value for ipaddr 🙂

Deciding this was a pretty mundane chore, I thought that creating a small utility shouldn’t take too much time. Now I’m not claiming to be the guy who discovered this little gem digging through the registry, and there are other apps out there that will let you add entries to the registry. But that doesn’t prevent me from making my own implementation 🙂

There are two simple things you can do in this little utility – you can add hosts, and remove hosts. (I have hardwired the ExpireTime to equal “99 99 99 99 99 99 99”.) Given the simple interface I think you will be able to work it out without further instructions. You might be wondering what “ppp_peer” is, and what kind of record this is. It’s used by ActiveSync, (when you cradle your device), to assign an address to the device itself. Just leave this record as it is.



And as usual I must add the disclaimer that I take no responsibility if an error message occurs 🙂 (Not that I see much more than the application itself crashing as likely to happen though.)

Download (Updated 05.nov.08):
Windows Mobile Professional
Windows Mobile Standard

Windows Mobile 6.1 – How do I encrypt my device?

You might have read in white papers and product sheets that Windows Mobile 6.1 supports local device encryption. (Windows Mobile 6.0 featured encryption of storage cards, which is still also supported.) And you might have wondered – where is the setting for enabling it? Well, unless the device manufacturer has provided an interface, you can’t enable it. At least not in an easily accessible way.

The reasoning behind this is probably that it’s considered an “Enterprise feature”. Many enterprises are requesting encryption, but you don’t hear that many concerned end-users requesting it. So to use this feature you may for instance use Exchange 2007 SP1 on the server side, and ActiveSync configured on your device.

The following is a screenshot from the Exchange Admin Console:


You’ll notice that it’s not very fine-grained – you either have encryption enabled or you have it disabled. (The encryption ties in with the password requirements though as you need to password protect your device to encrypt it.)

The other option from the Microsoft perspective is System Center Mobile Device Manager 2008, (or SCMDM for short), where you can also enable encryption on the device. This is specified through Group Policies:


You’ll notice that this also gives you the additional option to specify inclusions and exclusions which is handy if you have a few gigabytes of mp3 files you don’t want to waste cpu cycles encrypting.

So this is all nice and dandy. If you have servers installed that is. What if you want to use this without servers, or you want to perform some testing without connecting to the servers? The encryption functionality is a feature of Windows Mobile 6.1, and the server tools just enable it. It’s all on the device – you just need a front-end.

With this in mind I created a small utility/application for this purpose.

Note: This tool is not designed for deployment in Enterprise environments. I recommend that in a deployment either the server solutions above, or similar third-party products, are used. This utility is intended for lab purposes, and single users who don’t have the opportunity/possibility of using said server products.

This is not an implementation of encryption itself. It uses the encryption that is built into Windows Mobile 6.1, and merely provides an interface for controlling this feature. I take no responsibility for the actual implementation or the details thereof. Currently the encryption in Windows Mobile is based on AES-128.

The use is sort of self-explanatory;
– “Encryption On/Off” refers to whether the feature itself is enabled or disabled.
– “Exclusions” means you can exclude certain files/folders or file types from being encrypted. – “Inclusions” means you can include additional files for encryption. This does however bring up another question – isn’t the entire device encrypted already? No, it isn’t…

The following items are encrypted by default:
– User documents
– Email
– PIM data
– Email attachments and related data
– Internet cache
For more info:

Now, there’s two ways around this: modify the system default (items that will be encrypted when encryption is enabled), or add inclusions after the device is encrypted. This application does not modify the system default, and thus relies on you to enable encryption first.

The exclusion list actually works the same way, you have a system default, and you have the exclusions you add later. I don’t recommend you exclude any of the items from the list above however, with the exception that you might be storing your mp3s under “\My Documents\”.

A few hints when it comes to exclude/include;
– Do not encrypt \…\* (entire device)! You’ll also encrypt the system files that are needed for booting…bad thing.
– Special formatting “…” = all subdirectories, “*” = all files, “*.ext” = all files with specified extension.
– All items must start with “\”; so to exclude all mp3s you would add “\…\*.mp3”. Adding a single file would be “\file.txt”.

So what does it look like?
“Encryption On/Off”-tab.
Either it’s enabled or it’s not. Please note – before you add inclusions/exclusions, encryption should be enabled first.

Either browse to select individual files or type in file/folder/extension. Remember to add the “\” in front.

Works pretty much the same way as the aforementioned tab.

Known issues:
– No icon and/or shortcut yet. Must be started from “\Program Files\DojoCrypt”.
– I do some simple error checking, but if you try you may be able to crash the app. It should however not be able to do any harm other than you having to start the program over again.
– No regexing or parsing checking that your inputs are correct when it comes to exclusions & inclusions. If you type it wrong, it will not work 🙂
– Applying an ExcludeList or IncludeList will require you to reboot the device between each list applied. (Technically you can choose “Later” to postpone it – results untested yet but probably no worries). So you can’t setup both lists and then be prompted to reboot. No biggie, but I am aware of it.
– No possibility to see what currently is on your lists – might implement this later on.
– It’s designed for portrait mode. It will work in landscape mode but does look kinda unoptimized. Fully aware of this, and considering a more slick solution (knowing that one often types with the qwerty keyboard in landscape mode).
– Only tested on Windows Mobile 6.1 Professional. Don’t know if it will work on Windows Mobile 6.1 Standard (probably not because of UI elements).
– Versions prior to Windows Mobile 6.1 is not, and will not be supported.
– While not an issue with this utility itself you may have problems on some devices if there’s a two-tier lock on the device, or some other security restrictions imposed that prevents this utility from working like designed.

I have not had the opportunity to do extensive bug testing, but I’ll replace the link in the download if I make any improvements/fixes.

If there’s any bugs you are welcome to post them in the comments section, but I make no guarantee when I will get around to fixing it 🙂


19.nov.2008 Update:
There’s a new version that fixes some of the known issues.