Off Topic: ltkUnlock tool

My apologies for the non-Hopper post, but since many HoppeRx readers will also need to know about ltkUnlock I decided this forum is as good as any. The ltkUnlock tool has generated a lot of confusion so let me start with the basics:


  1. The purpose of the ltkUnlock tool is to allow NSTL to safely add the QA/Test certificate to secured Windows Mobile devices.
  2. Microsoft does not ship an ltkUnlock.exe binary – so don’t look for it.
  3. Microsoft does ship the ltkUnlock program source (found in: <pb install dir>\wcetk\windows mobile ltk\ltkunlock).
  4. Each OEM must populate, build and uniquely sign the ltkUnlock binary with their OEM certificate before shipping to NSTL.

ltkUnlock is required because Microsoft does not allow Windows Mobile devices to ship with the QA/Test certificate provided in the AK and used throughout development. Tests provided by Microsoft are signed with this certificate such that everything just works during development. However, when it comes time to ship your device, each OEM must remove the QA/Test certificate – effectively preventing Microsoft’s tests from running (depending on your security level). It is ltkUnlock’s job to get the QA/Test certificate back on the device so any test signed with the QA/Test certificate (like the LTK tests) will run trusted and w/o prompts.

Step 1:

Identify Physical devices for Logo testing - ltkUnlock needs to be programmed to identify the unique, physical devices for provisioning.

Step 2:

Retrieve HW unique Device ID’s from devices. Copy the LTKUnlock tool source from the distribution CD to a convenient location in the build environment and add the retrieved device ID’s to deviceID.cpp source file. Due to the size of the device ID’s - please use extreme care when transposing these numbers to the source file.



Step 3:

Customers Build LTKUnlock tool and sign with privileged OEM certificate. Since the ltkUnlock.exe is now signed with OEM certificate - it can be installed each device, regardless of the security setting.


Step 4:

Run application on known phone. The device IDs will match and device will be provisioned with the payload certificate (which in this case is the QA/Test certificate).

OEM Certificate

Carrier Certificate

Payload Certificate

Other Certificate

Step 5:

Phone is now ready for logo or service, the new trusted certificate has been installed.


Make sure each device is cold booted after running the test to remove the QA/Build certificate.

Comments (0)

Skip to main content