itsutils.dll - Windows Mobile Development and Hacking General

Hello,
Have anobody a signed itsutils.dll? or a programm that load this fu**ing .dll without a user prompt (Yes/No) on a Windows Mobile 5 Device.... I need this for a Software deployment.
Greetz

acme said:
Hello,
Have anobody a signed itsutils.dll? or a programm that load this fu**ing .dll without a user prompt (Yes/No) on a Windows Mobile 5 Device.... I need this for a Software deployment.
Greetz
Click to expand...
Click to collapse
Here is the solution:
Extract everything in a directory on your pc.
From the Command Prompt, go in the directory where you extracted the files and type: sign.bat [path of the dll or exe to be signed]
ex.:
c:\signcode>sign.bat c:\itsutils.dll
Cheers,
.Fred

Hello, It doesnt work
C:\...Downloads\SignCode>sign itsutils.dll
Warning: This file is signed, but not timestamped.
Succeeded
After this step i copy the modified .dll to \Windows (PDA) on my device. No i start the psynctime.exe on WinXP and my Device starts a user prompt for ItsUtils.dll (YES/NO). Thats the Problem

The 'not time stamped' is normal, but what you are trying to do won't work.
Here's the thing: The certificate in the attached cab is the test certificate from WM5 SDK. In order for device to recognize it you need to first provision the device (import the certificate). I can attach the cab that does it, but it isn't signed as well, so it will still ask for yes / no.
If you are looking to by pass certificates on a distribution version of your software you are out of luck.
For apps and cabs not to ask yes / no they have to be signed by an official Verisign certificate (costs money) or the device has to be set to no cert.
The second option is even more problematic for the average user, since it requires installing a reg editor on the device and changing some reg settings.

Ok, do you know an other way to stop this user prompt? Install method with automatic /yes or something like that.

Why don't you use the certified CAB that changes the registry values to allow Unsigined apps to be installed?
Check this post: http://forum.xda-developers.com/showthread.php?t=252356

dotfred said:
Here is the solution:
Extract everything in a directory on your pc.
From the Command Prompt, go in the directory where you extracted the files and type: sign.bat [path of the dll or exe to be signed]
ex.:
c:\signcode>sign.bat c:\itsutils.dll
Cheers,
.Fred
Click to expand...
Click to collapse
Hi!
If i want to sign my edited MUI file how can i do that?
Can you five me a syntax and what else need to be inside the folder?
ToddeSwe

Related

automated installs

Hi All,
I need some help with CAb files and such.
I'm working on a "self healing" solution for some customers of ours, so that if their device runs out of battery power, when charged, it will rebuild itself and reconfigure itself, so there is minimal user intervention.
What we do is put all our CAB files in the EXROM, and that's how we get it done.
I have an issue with our encryption software in that it's install CAB can't be run from the EXROM, it needs to be run from the root of the device. But it also has to be paired with a license file.
So what I need to do is build a CAB file, that encompasses the Pointsec install CAB and the license file, that copies itself to the root of the device upon running my CAB and runs them from there.
how do I get these files to execute once i've told them to be copied to the root?
I though i'd also put a shortcut to the install CAB in the \windows\startup folder
but once the install CAB is run, the shortcut remains, and therefore upno soft-reset it throws up errors that the file no longer exists
here is a copy of the INF file i wrote to do this.
bear in mind, i'm new to this, so it may be incorrect.
============================================================================================
[SOURCE FILE]
Name=Pointsec_Shortcut.cab
Path=C:\Documents and Settings\build\My Documents\Pocketpc\corporate soe v1.3a\EXTRACTED\new folder\Pointsec_Shortcut.cab
Type=Original
[Version]
Signature="$Chicago$"
CESignature="$Windows CE$"
Provider="Pointsec"
[CEStrings]
AppName="for Pocket PC 2.3"
InstallDir="\"
[CEDevice]
ProcessorType=0
VersionMin=0.0
VersionMax=0.0
BuildMin=0
BuildMax=0
[SourceDisksNames]
1=,Source1,,"[INSTALLDIR]"
2=,Source2,,"[License]
[SourceDisksFiles]
"Pointsec_for_Pocket_PC 2.3.cab"=1
"InstProf.ppp"=2
[CopyFiles1]
"Pointsec_for_Pocket_PC 2.3.cab",,,0x20000003
[CopyFiles2]
"InstProf.ppp",,,0x20000003
[CEShortcuts1]
"Pointsec.lnk",0,"Pointsec_for_Pocket_PC 2.3.cab"
[DestinationDirs]
CopyFiles1=0,"\"
CEShortcuts1=0,"%CE4"
[DefaultInstall]
CEShortcuts=CEShortcuts1
CopyFiles=CopyFiles1
===========================================================================================
Is there a registry entry, like in win2k/XP where I can get this to "runonce" or anything like that ?
Any help would be greatly appreciated.
you should put the cab in the ExtROM, and then.
In config.txt:
add lines to copy the cab to the root
add a line to run the cab from the root
Syntax: http://forum.xda-developers.com/viewtopic.php?t=6648&highlight=config+txt+syntax
cheers edsub,
I wasn't aware of the EXEC command for the config.txt.
that will save me from having to build a CAb file to do this !
for future reference though, is there an execute command you can put into a .inf for theCAB file?
or is that where the setup.dll comes into play ?
yup, thats the allmighty setup.dll.
problem is with that: If you havent build it, you dont know what it does . . .
damn, looks like i have to brush up on my C++ skills
thanks again !!

signing dll (WM5)

Hi,
I am trying to sign some dlls with the SDKSamplePrivdeveloper certificate and I have alaways the same error : errorcode 0x80070057.
I use Visual Studio 2005 and Windows Mobile 2005 SDK. I tried with the wizard "signtool signwizard" and the prompt cmd "signtool sign /f SDKSamplePrivDeveloper.pvk my_dll.dll" ...
I tried also to build a cab, cab to install my dll, and when I try the cab on my Universal, I have the message "....can't be installed..."
Any help will be welcome
Thanks
Well, I understood where was my mistake... So now I have a new question : where can I found the password for the sdksampleprivdeveloper.pfx ?
Thanks
it does not have a password
thanks and sorry for my newbie questions. I understood that I had to import SDKSamplePrivDeveloper.cer first to my depository and after SDKSamplePrivDeveloper.pvk. FOr SDK....cer no issue but for SDK....pvk cermgr.msc asks me a password
Hi All!
I tried to sign my dll files. For the first time I sign a dll file that doesn't concern with ppc , cmd command :
"signtool sign /f SDKSamplePrivDeveloper.pfx satelite.dll"
It was success to sign, but when I tried to sign dll files that were dumped from PPC wm 2005 on Himalaya , command :
"signtool sign /f SDKSamplePrivDeveloper.pfx shellres.dll"
Done adding aditional store
Signtool error: Isigncode::Sign return error 0x80070057
The parameter is incorrect.
Signtool error; An error orrcurred while attempting to sign: shellres.dll
or:
"signtool sign /f SDKSamplePrivDeveloper.pvk shellres.dll"
Signtool error: IStore2::Load return error 0x80092009
Cannot find the request object
Signtool error; An error orrcurred while attempting to load the signing certificate from: SDKSamplePrivDeveloper.pvk
Can any one help me to sign these files?
I found this :
SYMPTOMS
Attempting to digitally sign a file using Signcode.exe results in the following error:
Unable to sign the program xxxxx: (0x80070057)
CAUSE
The current version of Signcode.exe that ships with the ActiveX SDK, Ms Authenticode(IE4) and MS Authenticode(IE5) tools is unable to sign 16-bit files.
RESOLUTION
One workaround is to wrap the 16-bit file in a .cab or a self-extracting executable, which can then be digitally signed using Signcode.exe.
Note that only the 32-bit version of Internet Explorer requires a digital signature; 16-bit Internet Explorer does not check for signatures, and should therefore be able to download an unsigned 16-bit file.
Click to expand...
Click to collapse
thanh_lam said:
It was success to sign, but when I tried to sign dll files that were dumped from PPC wm 2005 on Himalaya , ...
Click to expand...
Click to collapse
The files in "modules" directory are not normal EXE/DLLs - they are XIP! They would never work on real device without hand-editing. Most values in their PE-header are zeroed, all sections are joined into one, all DLLs don't have relocations section.
so, mamaich can you explain how sign dlls like was signed all the dlls on the last realVGA hack? I need to modify msim.96.dll to retreive an azerty keyboard ..
thanks
mamaich said:
it does not have a password
Click to expand...
Click to collapse
.pfx file is the pkcs#12 standard which containing the key pair in the file. YES, it is protected by a PIN (i called it PIN instead of a password). :wink: But I'm sorry I don't know the PIN :?
I found this program, easy to use and the Test Certificates work on both Smartphone and Pocket PC.
Just type sign filename.ext and it'll add/replace the digital signature at the end.
thanksssssssssssssssssssssss !
works great for a cab but not for my dll msimfr.192.dll (dumped from my qtek 9000 with buzz rom dumper)
BeyondtheTech said:
I found this program, easy to use and the Test Certificates work on both Smartphone and Pocket PC.
Just type sign filename.ext and it'll add/replace the digital signature at the end.
Click to expand...
Click to collapse
I've used it on EXEs and DLLs without a problem... CAB files, well, it doesn't matter since even with a re-signed CAB file, it still comes up as something "untrusted." What error message are you getting?
Same message :
Error: Signing Failed. Result = 80070057, (-2147024809)
Here is my dll :
BeyondtheTech said:
I found this program, easy to use and the Test Certificates work on both Smartphone and Pocket PC.
Just type sign filename.ext and it'll add/replace the digital signature at the end.
Click to expand...
Click to collapse
Mr Maimach sent these to me month ago. But I couldn't sign my files which were dumped form PPC WM5. As Maimach say these "modules" files haven't PE header, they are XIP file, and they no longer work in a real device.
When I edited these file in Visual studio 2005 (support unicode) and changed some strings form english to vietnamese, after that I save these files by save button, and when I edited these again, no change was made.
At This tIme I think these files were protected by MS, and they didn't allow us to change. But when I read this thread, the answer is clearly, these dll files were corrupted.
Can any one help me archive these dll files but not the XIP files?
So how do they do the last RealVGA Hack as all the dlls are signed ?
noone to help a poor newbie ?
I'm a very poor newbie too, I'm trying to make free Vietnamese Language package for WM2005, all things seem tobe done, but these problems make the life becomming difficulty . Until now no one can solve these, and hope in the recent days the solution will be fuzzzzzzzzzzzzzz
jpa said:
Same message :
Error: Signing Failed. Result = 80070057, (-2147024809)
Here is my dll :
Click to expand...
Click to collapse
As I've wrote several times before. All XIP DLLs produced by my tool would not work on real device. They don't contain relocs, and their PE-header is incorrect. You should manually set image size and other fields in PE-header, and don't forget to set the correct characteristics (the process is obvious if you know the PE format). Or here is a better approach - take any working resource-only DLL from your device, and place your resources into it.
BeyondtheTech said:
I found this program, easy to use and the Test Certificates work on both Smartphone and Pocket PC.
Just type sign filename.ext and it'll add/replace the digital signature at the end.
Click to expand...
Click to collapse
cool, good one..
THANX
buzz

Hook winsock API calls in WM5

My goal is to get the TCP data from a TCP application on the pocket pc
like data from internet explorer or active sync. I want to write a proxy
that forwards all TCP data to the application server (Web server,...).
So I have tried to replace the ws2.dll with a wrapper dll that forwards all
winsock API calls to the original ws2.dll. But when I replace the ws2.dll file
with my own and make a softreset the device hangs in boot screen and
I must do a hardreset. Could not get this to work on WM5 but it works great
on WM2003 devices.
So I have tried another thing. Have heard about API hooking and want to
try this with winsock API functions (connect, WSAConnect, send, recv,...).
After several days of investigation in some forums I have found many
informations about API hooking and API sets win WM5. But when I look
deeper there is no server process for winsock API calls. So I cannot
change the method adresses.
Another idea was to hook LoadLibrary() API function and when ws2.dll is
loaded from an application I will load my own dll and forward all calls to
the original ws2.dll. But LoadLibrary() has also no server process.
Has anybody another idea how to do this?
Thanks for any information on this.
Houser
Hi Houser!
I think the reason your original method failed on WM5 is because all system DLLs must be signed or the system will not load them.
There are several threads on this forum (sorry, can't remember precise link right now) that explain how to create\use certificates, and sign files, so just search for that.
Good luck.
Thanks levenum for your reply.
I also have thought about signing the dll but I have disabled certificate
check on the WM5 device with the Cert_SPCS.CAB file and now
my system loads every dll without asking the user.
I have written some test applications that explicite load my ws2.dll with
a different name (ws2xx.dll) and then in my ws2xx.dll I load
the org ws2.dll from \windows dir and all worked fine. I can use
any winsock function and can make TCP connects and so on.
So I think signing is not the problem, only when I do not use
the Cert_SPCS.CAB file to disable it?
Or are system file always checked at boot phase?
That would then explain the problem maybe.
Regards
Houser
I am pretty sure system files are treated separately. I once used a device with no cert ROM, which ran all programs and loaded DLLs without asking for certificate, but refused to do so for system files (MUIs).
I think you should give certificates a chance before moving on to more complicated solutions.
So I should try to sign my wrapper dll with a certificate.
So I will try to sign with the Visual Studio 2005 developer
certificate. And then I must install this certificate on my device
so that the system trusted the dll file with this certificate?
Houser
Another thing: What do you mean with MUIs?
That's correct.
There are provisioning CABs in the 2005 SDK. You just run them on your device and they insert all the test certificates.
SDK also shows how to provision devices through RAPI, but most WM5 ROMs block that option.
Also you should use the 'privileged' execution certificate to make sure you have maximum access to the system.
MUIs are duplicate system DLLs that contain resources for other languages. For example: coredll.dll.0409.mui will contain English resources for coredll.dll (409 is hex for English code page). They are used to switch interface languages both on PC windows and mobile. (Metalanguage User Interface).
P.S.
If you want, there are XML templates for provisioning CABs in the SDK, and makecert.exe that let you create your own certificate and put it on the device.
Another thing: What do you mean with MUIs?
So I have tried this:
1) Installed the SdkCerts.cab certificates on the device (copied the file on
the ppc and tap in explorer on it) A success message was displayed from
the setup process.
2) In VS2005 I have set in the project settings the cert signing to "Sample
Privileged Root for windows mobile SDK" certificate and rebuild my dll.
In the dll file properties I can see the certificate.
3) Have copied my ws2.dll file to \windows and replaced the org ws2.dll file
there, my dll loads a copy of the org ws2.dll (ws2copy.dll) that is also
in the \windows dir
4) Then the big moment: Soft reset and..... hanging again in boot screen
The installed certificates did not appear in the pocket pc certificate manager.
Do you know if they should appear there or not?
Maybe the SDK certificates are not imported correctly?
Thanks for you help!
Houser
I'm sorry my solution didn't help.
The test certificates do not show in the list (don't know why).
The way I see it there are two possibilities:
1. I was wrong about the certificates. (Though I think you may still need them)
2. There might be a problem with the copy DLL you try to load (ws2copy.dll). Is it from a good dump? Have you tried loading it from a test app? Is it signed? I think it needs to be signed to.
Sorry I can't give you advice on an alternate way. Insufficient knowledge...
It is very frustrating, I do not knwo how many
hard resets I have made in the last few weeks. :?
I have written a test app that loads my winsock dll file and
then my dll loads the copy ws2.dll file. The copy ws2.dll file
is from a platform builder 5.0 build.
These tests with my test app all worked fine, I can make TCP connects
and do all the winsock stuff like I load the org ws2.dll file directly.
I have even disabled certificate check on the device and tested
with unsigned dll and it works too.
The copy dll from PB 5.0 is not signed. may be this could
be a problem when my dll is loaded in boot time.
Do you know a way to sign the copy PB dll with the SDK certificate?
Thanks man!
Houser
Signing files (DLL, EXE, CAB) is very easy. In the SDK, there is a file called signcode.exe. It will give you a step by step wizard to sign the file. The only additional thing you will need is the certificate files themselves which should also be in the SDK.
Got it to work with signing the copy dll file and
now after soft reset my device does NOT hang. :lol:
Many thanks for your support levenum!
That is very good but now I have figured out that
I cannot make a localhost connect on a local tcp port
on the device. That has something to do with WM5
because it was working under Wm2003. Strange..very
strange.
Houser

Disable certificate check in WM5

Hello all,
I'm having a problem with my qtek 9000 with latest rom from myqtek.com, some programs can't be opened because they say: "The file "patched-game-file-here" cannot be opened. Either it is not signed with a trusted certificate or one of its components cannot be found. You might need to reinstall or restore this file"
I've tried some files to disable certificate security but no luck, the problem is still there :|
Anyone can help getting over this problem?
Try this.
http://buzzdev.net/index.php?option=com_remository&Itemid=109&func=fileinfo&id=194
This is from the wiki:
Code:
Allow the unsigned app from installing for everything.
HKEY_LOCAL_MACHINE\Security\Policies\Policies] Change value 0000101a from 0 to 1
Do a soft reset.
V
Hello all, tks for your help
vijay555 - i tested your code but no luck, problem still there.
victoradjei - i've tested that app, pretty simple to use an finally it works ! (YES TK U) , for now it's a solution let's hope someone can make a .cab in order to disable this security check for good.
Hi,
I have an htc P3600.
I've downloaded the application for buzddev.
I've also changed the registery but I do not know what to do with that application. There is the signcode.exe, what should I do with that file downloaded?
Could someone shed some light on how to use the app from Buzzdev? Is it supposed to be run on the device?
I ran the EXE file on my PC and a DOS window popped up and closed itself and nothing happened.
Thank you in advance!
Extract the SignCode files into a folder. Then you have to run it from the command line or the "Run" option from the "Start" button and tell it what EXE file to fix. Since this program actually changes the executable file by changing the embedded security certificate, you might want to make a backup copy of the EXE file first.
Here's the syntax:
<path to SignCode files>sign.bat <path to program and filename>
If you extracted the signcode files to your "C:\Program Files\SignCode" folder and are trying to fix your "C:\Program Files\SomeGame\SomeGame.exe" file, here's EXACTLY (quotes and all) what you would type in the "Start" "Run" box or a command prompt:
Code:
"C:\Program Files\SignCode\Sign.bat" "C:\Program Files\SomeGame\SomeGame.exe"
You should notice the timestamp of the file change indicating that the embedded security certificate was changed. Copy the updated file and overwrite the original EXE file on your mobile device and then try running it. This will still pop up an "Untrusted Source" type of security message on your mobile device but you will have the option to install it anyway and it will work fine after that.
This should work too, M$ made a tool for provisioning devices.
http://www.microsoft.com/downloads/...8c-d587-47e0-908b-09fee6ea517a&displaylang=en
victoradjei methode worked perfectly for me on WM6
Does anyone have the info that was in this link?
The forum is their but looks like the link is dead.
http://buzzdev.net/index.php?option=com_remository&Itemid=109&func=fileinfo&id=194
Thanks,
Kenny
I dont know, but could try attached may help. I don't know anything else to help... hopefully someone else will.

My method of creating Security Certificate cabs

Not sure if this has been discussed earlier but I've been searching for quite a while for the exact working procedure so I can have my cert installable through UC. I support many clients with Exchange 2003 and PDA's so this works really nice for me, of course YMMV
First you need Network 2.0 installed on your workstation, the x86 version alavaible here
Then, referring to Scott Yost's contribution on MSDB Blogs, SSLChainSaver v2 released download & install Windows Mobile SSLChainSaver
This will create a directory C:\Program Files\Microsoft SSL ChainSaver by default with no program group. I suggest installing to a easier to find folder as this will be run via a Command Prompt, I use D:\SSL myself.
Then I run a Command Prompt and change my Drive and Directory to that folder. (I'm sure that if you need this knowledge you already know how to navigate in a Dos windows)
There I type S and a tab (which, on an XP or Vista computer will autocomplete SSLChainSaver.exe. Type a space then the FQN of the server containing the cert, for instance, mail.mycompany.com. This will create a folder named mail.mycompany.com containing the cert, which we don't need. It will also create 2 files, mail.mycompany.com.wm5.xml and mail.mycompany.com.wm6.xml. Al my device are WM6.1 so I need the second one.
Rename the second file to _setup.xml.
The type makecab /d compress=off _setup.xml email.cab (or whatever you want to name the cab)
Copy the cab to your SC and input the necessary line into your SDConfig.txt if you use UC or simply run through File Explorer.
This, in addition to creating cabs to automatically Auto-provisioning Exchange mail via UC saves me a LOT of time.
Enjoy and I hope that somebody finds this useful
Excellent work! I have been looking for a good way to achieve this via UC and this works perfectly.
Kevan
So you re doing all this just to get _setup.xml made for you ? Why not see whats in it and create it yourself ?
NRGZ28 said:
So you re doing all this just to get _setup.xml made for you ? Why not see whats in it and create it yourself ?
Click to expand...
Click to collapse
OK, see what's in mine and create one then...
The whole idea is to create a cab, not an xml file... at least for me that is.
Great work! I've been looking for that - didn't know you could do this
Here's a script - just add it to your SSL Chainserver folder (default: C:\Program Files\Microsoft SSL ChainSaver) and run it - it will ask you for your web/mail-server and create the cab automatically...
Code:
@echo off
set mailserver=mail.mycompany.com
set /P mailserver=Please enter your mailserver (%mailserver%) + [ENTER]:
SSLChainSaver.exe %mailserver%
copy %mailserver%.wm6.xml _setup.xml
makecab /d compress=off _setup.xml %mailserver%.cab
echo Done! Copy %mailserver%.cab to your provisioning folder and add it to your UC (SDConfig.txt) or SASHIMI script :)
pause
Regards,
Nika.
This is great, it's exactly what I needed. I just have one question. Why make a CAB file? Don't UC and Sashimi both support provisioning XML? It seems like you should be able to save a step. And taking that one step further, couldn't you put both the certificate and the Exchange provisioning in the same XML file?
dabbith said:
This is great, it's exactly what I needed. I just have one question. Why make a CAB file? Don't UC and Sashimi both support provisioning XML? It seems like you should be able to save a step. And taking that one step further, couldn't you put both the certificate and the Exchange provisioning in the same XML file?
Click to expand...
Click to collapse
For me, it's because I rarely let the UC start as when I'm evaluating a new ROM I need it to be the way the chef made it and not as it is with my modifications. Much easier for me to just run the cab files.
dabbith said:
This is great, it's exactly what I needed. I just have one question. Why make a CAB file? Don't UC and Sashimi both support provisioning XML? It seems like you should be able to save a step. And taking that one step further, couldn't you put both the certificate and the Exchange provisioning in the same XML file?
Click to expand...
Click to collapse
Lol, hadn't checked the xml yet and see now it's a provisioning XML, thanks for the tip!
hello
i need help...
a stupid question:
how i get a FQN from a server with an Cert?
I must create the server itself?
Martie said:
hello
i need help...
a stupid question:
how i get a FQN from a server with an Cert?
I must create the server itself?
Click to expand...
Click to collapse
Hi Marty,
The FQDN is the Fully Qualified Domain Name of your machine. So whatever you type into the Address Bar of the Internet Explorer to access the machine would be the FQDN. If your Exchange Server is called "server1" it's usually "server1.domainname.com" or sometimes your Domain Admin adds "mail.domainname.com" or "exchange.domainname.com which points to the server1 machine...
Regards,
Nika.

Categories

Resources