My method of creating Security Certificate cabs - Windows Mobile Development and Hacking General

Not sure if this has been discussed earlier, but I've been searching for quite a while for the exact working procedure so I can have my cert installable through UC. I support many clients with Exchange 2003 and PDAs, so this works really nice for me; of course, YMMV.
First you need Network 2.0 installed on your workstation, the x86 version available here
Then, referring to Scott Yost's contribution on MSDB Blogs, "SSLChainSaver v2 released", download & install Windows Mobile SSLChainSaver.
This will create a directory C:\Program Files\Microsoft SSL ChainSaver by default with no program group. I suggest installing to an easier-to-find folder as this will be run via a Command Prompt; I use D:\SSL myself.
Then I run a Command Prompt and change my drive and directory to that folder. (I'm sure that if you need this knowledge you already know how to navigate in a DOS window.)
There I type S and a tab (which, on an XP or Vista computer, will autocomplete SSLChainSaver.exe). Type a space then the FQN of the server containing the cert, for instance, mail.mycompany.com. This will create a folder named mail.mycompany.com containing the cert, which we don't need. It will also create 2 files, mail.mycompany.com.wm5.xml and mail.mycompany.com.wm6.xml. All my devices are WM6.1 so I need the second one.
Rename the second file to _setup.xml.
Then type makecab /d compress=off _setup.xml email.cab (or whatever you want to name the cab)
Copy the cab to your SC and input the necessary line into your SDConfig.txt if you use UC or simply run through File Explorer.
This, in addition to creating cabs to automatically auto-provision Exchange mail via UC, saves me a LOT of time.
Enjoy and I hope that somebody finds this useful
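
A check that can be run on _setup.xml before it is packed into the cab, added here as an example (not code from this thread or from SSLChainSaver): it lists which certificate stores the file writes to, verifies that each thumbprint matches the SHA-1 of the certificate bytes it carries, and reports any other settings section in the file. It assumes the file uses the Windows Mobile CertificateStore provisioning layout; the function names and the sample document are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET


def audit_provisioning_xml(xml_text):
    """Return (certificates, other_sections) found in a wap-provisioningdoc.

    Assumed layout (CertificateStore provisioning):
    CertificateStore > <store name> > <SHA-1 thumbprint> > parm EncodedCertificate
    """
    root = ET.fromstring(xml_text)
    if root.tag != "wap-provisioningdoc":
        raise ValueError("not a provisioning document: <%s>" % root.tag)
    certificates, other_sections = [], []
    for section in root.findall("characteristic"):
        if section.get("type") != "CertificateStore":
            # Anything else in the file changes settings beyond trust anchors.
            other_sections.append(section.get("type"))
            continue
        for store in section.findall("characteristic"):
            for entry in store.findall("characteristic"):
                claimed = (entry.get("type") or "").replace(" ", "").lower()
                parm = entry.find("parm[@name='EncodedCertificate']")
                value = parm.get("value", "") if parm is not None else ""
                der = base64.b64decode(value)
                actual = hashlib.sha1(der).hexdigest()
                certificates.append({
                    "store": store.get("type"),
                    "claimed": claimed,
                    "sha1": actual,
                    "size": len(der),
                    "thumbprint_ok": bool(der) and claimed == actual,
                })
    return certificates, other_sections


def sample_entry(der, thumbprint=None):
    """Build one constructed certificate entry; der is placeholder bytes."""
    thumbprint = thumbprint or hashlib.sha1(der).hexdigest().upper()
    return ('<characteristic type="%s"><parm name="EncodedCertificate" '
            'value="%s"/></characteristic>'
            % (thumbprint, base64.b64encode(der).decode("ascii")))


# Constructed sample, not real SSLChainSaver output and not real certificates.
SAMPLE_SETUP_XML = (
    '<wap-provisioningdoc>'
    '<characteristic type="CertificateStore">'
    '<characteristic type="ROOT">'
    + sample_entry(b"constructed root placeholder") +
    '</characteristic>'
    '<characteristic type="CA">'
    + sample_entry(b"constructed intermediate placeholder", "00" * 20) +
    '</characteristic>'
    '</characteristic>'
    '<characteristic type="SecurityPolicy">'
    '<parm name="4102" value="1"/>'
    '</characteristic>'
    '</wap-provisioningdoc>'
)

if __name__ == "__main__":
    certs, others = audit_provisioning_xml(SAMPLE_SETUP_XML)
    for c in certs:
        status = "ok" if c["thumbprint_ok"] else "THUMBPRINT MISMATCH"
        print("%-5s %s  %d bytes  %s" % (c["store"], c["sha1"], c["size"], status))
    for name in others:
        print("also configures: %s" % name)
```

For a real file, pass in the text of the .wm6.xml file and compare the reported SHA-1 values with the thumbprints shown for the server's certificate chain, so the cab only adds the trust anchors you expect.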

Excellent work! I have been looking for a good way to achieve this via UC and this works perfectly.
Kevan

So you're doing all this just to get _setup.xml made for you? Why not see what's in it and create it yourself?

NRGZ28 said:
So you're doing all this just to get _setup.xml made for you? Why not see what's in it and create it yourself?
OK, see what's in mine and create one then...
The whole idea is to create a cab, not an xml file... at least for me that is.

Great work! I've been looking for that - didn't know you could do this
Here's a script - just add it to your SSL ChainSaver folder (default: C:\Program Files\Microsoft SSL ChainSaver) and run it - it will ask you for your web/mail-server and create the cab automatically...
Code:
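@echo off
rem Default server name; press ENTER at the prompt to accept it.
set mailserver=mail.mycompany.com
set /P mailserver=Please enter your mailserver (%mailserver%) + [ENTER]:
rem Fetch the certificate chain and write the .wm5.xml / .wm6.xml provisioning files.
SSLChainSaver.exe "%mailserver%"
rem Stop if the WM6 file was not produced (wrong name, server unreachable).
if not exist "%mailserver%.wm6.xml" (echo %mailserver%.wm6.xml was not created & pause & exit /b 1)
rem The provisioning XML has to be named _setup.xml inside the cab.
copy /Y "%mailserver%.wm6.xml" _setup.xml
makecab /d compress=off _setup.xml "%mailserver%.cab"
echo Done! Copy %mailserver%.cab to your provisioning folder and add it to your UC (SDConfig.txt) or SASHIMI script :)
pause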
Regards,
Nika.

This is great, it's exactly what I needed. I just have one question. Why make a CAB file? Don't UC and Sashimi both support provisioning XML? It seems like you should be able to save a step. And taking that one step further, couldn't you put both the certificate and the Exchange provisioning in the same XML file?

dabbith said:
This is great, it's exactly what I needed. I just have one question. Why make a CAB file? Don't UC and Sashimi both support provisioning XML? It seems like you should be able to save a step. And taking that one step further, couldn't you put both the certificate and the Exchange provisioning in the same XML file?
For me, it's because I rarely let the UC start as when I'm evaluating a new ROM I need it to be the way the chef made it and not as it is with my modifications. Much easier for me to just run the cab files.

dabbith said:
This is great, it's exactly what I needed. I just have one question. Why make a CAB file? Don't UC and Sashimi both support provisioning XML? It seems like you should be able to save a step. And taking that one step further, couldn't you put both the certificate and the Exchange provisioning in the same XML file?
Lol, hadn't checked the xml yet and see now it's a provisioning XML, thanks for the tip!

Hello,
I need help...
A stupid question:
How do I get an FQN from a server with a cert?
Must I create the server itself?

Martie said:
Hello,
I need help...
A stupid question:
How do I get an FQN from a server with a cert?
Must I create the server itself?
Hi Marty,
The FQDN is the Fully Qualified Domain Name of your machine. So whatever you type into the Address Bar of Internet Explorer to access the machine would be the FQDN. If your Exchange Server is called "server1" it's usually "server1.domainname.com", or sometimes your Domain Admin adds "mail.domainname.com" or "exchange.domainname.com" which points to the server1 machine...
Regards,
Nika.

Related

automated installs

Hi All,
I need some help with CAB files and such.
I'm working on a "self healing" solution for some customers of ours, so that if their device runs out of battery power, when charged, it will rebuild itself and reconfigure itself, so there is minimal user intervention.
What we do is put all our CAB files in the EXROM, and that's how we get it done.
I have an issue with our encryption software in that its install CAB can't be run from the EXROM, it needs to be run from the root of the device. But it also has to be paired with a license file.
So what I need to do is build a CAB file that encompasses the Pointsec install CAB and the license file, that copies itself to the root of the device upon running my CAB and runs them from there.
How do I get these files to execute once I've told them to be copied to the root?
I thought I'd also put a shortcut to the install CAB in the \windows\startup folder,
but once the install CAB is run, the shortcut remains, and therefore upon soft-reset it throws up errors that the file no longer exists.
Here is a copy of the INF file I wrote to do this.
Bear in mind, I'm new to this, so it may be incorrect.
============================================================================================
[SOURCE FILE]
Name=Pointsec_Shortcut.cab
Path=C:\Documents and Settings\build\My Documents\Pocketpc\corporate soe v1.3a\EXTRACTED\new folder\Pointsec_Shortcut.cab
Type=Original
[Version]
Signature="$Chicago$"
CESignature="$Windows CE$"
Provider="Pointsec"
[CEStrings]
AppName="for Pocket PC 2.3"
InstallDir="\"
[CEDevice]
ProcessorType=0
VersionMin=0.0
VersionMax=0.0
BuildMin=0
BuildMax=0
[SourceDisksNames]
1=,Source1,,"[INSTALLDIR]"
2=,Source2,,"[License]"
[SourceDisksFiles]
"Pointsec_for_Pocket_PC 2.3.cab"=1
"InstProf.ppp"=2
[CopyFiles1]
"Pointsec_for_Pocket_PC 2.3.cab",,,0x20000003
[CopyFiles2]
"InstProf.ppp",,,0x20000003
[CEShortcuts1]
"Pointsec.lnk",0,"Pointsec_for_Pocket_PC 2.3.cab"
[DestinationDirs]
CopyFiles1=0,"\"
CEShortcuts1=0,"%CE4%"
[DefaultInstall]
CEShortcuts=CEShortcuts1
CopyFiles=CopyFiles1
===========================================================================================
Is there a registry entry, like in win2k/XP, where I can get this to "runonce" or anything like that?
Any help would be greatly appreciated.
you should put the cab in the ExtROM, and then.
In config.txt:
add lines to copy the cab to the root
add a line to run the cab from the root
Syntax: http://forum.xda-developers.com/viewtopic.php?t=6648&highlight=config+txt+syntax
cheers edsub,
I wasn't aware of the EXEC command for the config.txt.
That will save me from having to build a CAB file to do this!
For future reference though, is there an execute command you can put into a .inf for the CAB file?
Or is that where the setup.dll comes into play?
yup, that's the almighty setup.dll.
problem is with that: If you haven't built it, you don't know what it does . . .
damn, looks like I have to brush up on my C++ skills
thanks again !!

itsutils.dll

Hello,
Has anybody a signed itsutils.dll? Or a program that loads this fu**ing .dll without a user prompt (Yes/No) on a Windows Mobile 5 device.... I need this for a software deployment.
Greetz
acme said:
Hello,
Has anybody a signed itsutils.dll? Or a program that loads this fu**ing .dll without a user prompt (Yes/No) on a Windows Mobile 5 device.... I need this for a software deployment.
Greetz
Here is the solution:
Extract everything in a directory on your pc.
From the Command Prompt, go in the directory where you extracted the files and type: sign.bat [path of the dll or exe to be signed]
ex.:
c:\signcode>sign.bat c:\itsutils.dll
Cheers,
.Fred
Hello, it doesn't work
C:\...Downloads\SignCode>sign itsutils.dll
Warning: This file is signed, but not timestamped.
Succeeded
After this step I copy the modified .dll to \Windows (PDA) on my device. Now I start the psynctime.exe on WinXP and my device starts a user prompt for ItsUtils.dll (YES/NO). That's the problem.
The 'not time stamped' is normal, but what you are trying to do won't work.
Here's the thing: The certificate in the attached cab is the test certificate from the WM5 SDK. In order for the device to recognize it you need to first provision the device (import the certificate). I can attach the cab that does it, but it isn't signed as well, so it will still ask for yes / no.
If you are looking to bypass certificates on a distribution version of your software you are out of luck.
For apps and cabs not to ask yes / no they have to be signed by an official Verisign certificate (costs money) or the device has to be set to no cert.
The second option is even more problematic for the average user, since it requires installing a reg editor on the device and changing some reg settings.
Ok, do you know another way to stop this user prompt? Install method with automatic /yes or something like that.
Why don't you use the certified CAB that changes the registry values to allow unsigned apps to be installed?
Check this post: http://forum.xda-developers.com/showthread.php?t=252356
dotfred said:
Here is the solution:
Extract everything in a directory on your pc.
From the Command Prompt, go in the directory where you extracted the files and type: sign.bat [path of the dll or exe to be signed]
ex.:
c:\signcode>sign.bat c:\itsutils.dll
Cheers,
.Fred
Hi!
If I want to sign my edited MUI file, how can I do that?
Can you give me a syntax and what else needs to be inside the folder?
ToddeSwe

Deny or restrain installation of applications WM5

I want to deny or restrain installation of applications on the fly as a service/process or by making changes in the registry on WM5 devices. Any ideas? The app preferably in C++/C#
CAB files are installed by wceload.exe in the windows directory.
You can overwrite this file with a blank exe, or remove the CAB extension reference to it in registry under HKEY_CLASSES_ROOT.
Deny or restrain inst. of apps
Thanks, yes I've thought about this - but this isn't a very dynamic solution. When a person runs a CAB I want to check if the app is okay to install from a "List" - then show a popup with a message saying something like "Sorry, you are not allowed to install this application. Please contact your company IT Admin for more info".
Is the .CAB association in HKEY_CLASSES_ROOT linked to wceload - so I could run an app to validate CAB, and if ok execute wceload..?
levenum said:
CAB files are installed by wceload.exe in the windows directory.
You can overwrite this file with a blank exe, or remove the CAB extension reference to it in registry under HKEY_CLASSES_ROOT.
Write up a registry entry in HKEY_CLASSES_ROOT to associate .CAB files with your custom file. Then, when the user taps on a CAB file, your program reads it, compares it against its list and, if it's approved, calls WceLoad with the appropriate parameters.
The key would probably look something like this:
HKCR\cabfile\shell\open\command
(default) = "<path to your app>" "%1"
(%1 will be replaced with the path to the CAB file).
Then, if the CAB was approved, call WceLoad with the following parameters:
\windows\wceload.exe "<path to cab file>" /nodelete
Note that some apps may call wceload.exe directly. I am not sure if ActiveSync does it, but I know a couple of custom installers that do.
If you really want to secure the device against unauthorized software do the following:
Rename wceload.exe to something else like wceload1.exe.
Create your own wceload.exe, but make sure you capture and preserve all command line parameters in case you need to transfer them to the original file for proper installation.
This way you can be sure no one will install anything without your permission.
Also, keep in mind wceload is used to switch themes as well. (It handles *.tsk files).
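
The allowlist decision described in the post above, modelled in Python as an added example (not code from this thread; a wrapper on the device itself would be native code). The SHA-256 allowlist, the function names and the sample paths are assumptions made for illustration; wceload1.exe is the renamed original from the post.

```python
import hashlib

ORIGINAL_LOADER = r"\windows\wceload1.exe"   # the renamed original, as in the post
HANDLED_EXTENSIONS = (".cab", ".tsk")        # wceload also applies .tsk themes


def build_install_command(args, approved_hashes, read_file):
    """Decide whether to hand the request to the original loader.

    args             parameters the wrapper was started with (without argv[0])
    approved_hashes  set of lowercase SHA-256 hex digests of approved packages
    read_file        callable(path) -> bytes, raising OSError if unreadable
    Returns (command_list_or_None, reason).
    """
    packages = [a.strip('"') for a in args
                if a.strip('"').lower().endswith(HANDLED_EXTENSIONS)]
    if not packages:
        return None, "no package in arguments"       # fail closed
    for path in packages:
        try:
            digest = hashlib.sha256(read_file(path)).hexdigest()
        except OSError:
            return None, "cannot read %s" % path
        if digest not in approved_hashes:
            return None, "not approved: %s" % path
    # Pass every original parameter through unchanged and in order.
    return [ORIGINAL_LOADER] + list(args), "approved"


# Constructed sample data: fake file contents standing in for CAB files.
FAKE_FILES = {
    r"\Storage Card\mail.cab": b"constructed approved cab",
    r"\Storage Card\game.cab": b"constructed unapproved cab",
}
APPROVED = {hashlib.sha256(b"constructed approved cab").hexdigest()}


def read_fake(path):
    """Stand-in for reading a file from the device."""
    try:
        return FAKE_FILES[path]
    except KeyError:
        raise FileNotFoundError(path)


if __name__ == "__main__":
    for request in ([r"\Storage Card\mail.cab", "/nodelete"],
                    [r"\Storage Card\game.cab", "/nodelete"]):
        print(request, "->", build_install_command(request, APPROVED, read_fake))
```

Matching on file content rather than file name means a renamed CAB does not pass the check. The file can still change between the check and the install, so an on-device wrapper should hash a copy that the user cannot write to.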
Very much..
Thank You all!!

[HELP] How to register a dll?

I try to create a program which consists of
.asx files (to show online tv channels),
.lnk files (shortcuts to the .asx files) and
a .dll file which contains only some .ico files (icons of the tv channels).
I added all these files to a cab using WinCE Cab Manager and tried to install it on my ppc. So far so good. The problem occurred when the message “The program can not be installed. Choose another location” appeared during installation, just after the process bar was filled.
Although I have no idea about computer programming, I have created many cab’s with WinCE Cab Manager for skins I have created for several programs. Anyway, I realized that the problem occurred due to the .dll file, since this is the first time I add such a file in a .cab.
I created my .dll file using a .dll from another program which had only icons in it, as well. I deleted them using Restorator 2007 and I had an “empty” .dll sized 4KB. Then I added my icon files using XN Resource Editor.
I searched the Internet to see what might be the problem with the .dll and I found out that I have to “register” my .dll file. I really have no idea what this means but it needs to be done. I also found an option in WinCE Cab Manager for “self-registering” file, but it didn’t work either.
So, the question to you dev guys is how can I register my .dll file, or should I create it from the beginning with another way?
Please help! Thanks in advance!
Sorry to repost but it seems that posts keep coming in this forum and this thread is already on the second page and I'm afraid that no one will see it and reply to it. By the way, is there any special sub-forum for such questions?
This may help. I use his instructions to edit existing DLL's
http://www.modaco.com/content/i9x0-...88904/lisbian-taskbars-for-i910/#entry1023568
It will unsign the dll which will probably fail on your custom dll but it should sign it when you are done editing.
NilsP
Many thanks for your suggestion but unfortunately it didn't work for me.
As you said, this is mainly for resigning already signed .dll files.
Any other help will be appreciated. I can attach it here if anyone is willing to help. Or just tell me the way. Thanks!
I deploy a few dll's with my app, without any problem. If the installer complains about the location, what did you specify where it should go?
There are 2 approaches to solve this problem:
1.) If you have a private key to match a certificate in the device's certificate store, sign the .dll and .cab with this private key and it will be installed with elevated privileges, and be successful. To facilitate this you can install the "SDK Certificates" - and sign with the matching private key (you should be able to find these on a search, term "SDKCerts" or similar)
2.) Look for an "Application Unlocker" or other security reduction tool, run it, and you should be able to install the cab. On this note, if you check here, it will give you a more technical overview of the security policies. You want to change 4101 / 0x1005 to "SECROLE_MANAGER" (8) - which tells the system to install it with elevated privileges. Also make sure 4102 / 0x1006 is set to 1 to allow unsigned applications.
6Fg8
I don't believe that is the location I specified that causes the problem because when I deleted the .dll file from the .cab, it was installed properly. How do you create your dll files? With programming or you just edit existing files? If I send you my .ico files, will you be able to create the .dll file for me?
Da_G
Thanks but both approaches seem very complicated for me!
So, will I need Visual Basic in order to do this or is there any easier way? Can anyone sign the dll for me?
angelos_cy said:
6Fg8
How do you create your dll files? With programming or you just edit existing files? If I send you my .ico files, will you be able to create the .dll file for me?
Yes with programming, C++ or .net. Never had any issue with signing. I can try to make a dll if you send me the icons (or post them here if they aren't too secret ).
6Fg8 said:
I can try to make a dll if you send me the icons (or post them here if they aren't too secret ).
I have sent them to you by pm. They are not secret at all but I will create a "program" (wannabe ) with that dll and I want that program to be a surprise for users of the forum where I'll post it. I may post it on xda too, but it's nothing important.
Many thanks!
angelos_cy said:
The problem occurred when the message “The program can not be installed. Choose another location” appeared during installation, just after the process bar was filled.
This happens because you've changed resources in a signed file, which changed the file checksum and invalidated its signature, and the Windows installer refuses to install a file with an invalid signature. But it won't refuse to install this file WITHOUT a signature at all - so use unsigner (search for it on XDA) to remove the signature completely; if you encounter an error, try to remove the signature from the original (unmodified) file, and then change resources in it...
6Fg8
the_ozyrys
Thanks to both of you!
6Fg8 has created and signed the dll for me and it finally worked, but I also tried the_ozyrys' method and it also worked.
So thanks to baniaczek too, since he created the unsigner.exe.
Everything worked fine with the dll. Now the cab is installed properly.
However, I have another problem. Just after the installation of the cab on my ppc, it seems that the device freezes for about a minute. This is probably because my cab contains a lot of shortcuts (.lnk files) that go under the Programs folder.
So, I would like to ask for another favour, if it's possible. As I said I intend to give this cab to others too. Since this delay can make them believe that my program has frozen their device, I would like to make the cab restart the device just after installation and after uninstallation as well. I think this is made with the "Setup.dll" which I don't know how to create.
If anyone knows how to do this and has the time for it, could you please create this setup.dll for me? If the cab is needed to do this, just tell me to send it to you.
Thanks in advance!
Anyone? Plzzzzzzz!
If you want to sign .dll or .exe u can use the apps posted in the two posts below
http://forum.xda-developers.com/showthread.php?t=432041
or
http://forum.xda-developers.com/showpost.php?p=3530246&postcount=18
raykisi
Thanks for your answer but 6Fg8 and the_ozyrys already helped me on that.
My question now is how to create a setup.dll in order to make my .cab prompt the user to restart the device after installation and uninstallation. If anyone can do it for me, I can send you the .cab which I already created and you can add the setup.dll with those functions.

Frequent Rom Flashing.. Backup email settings and restore..

Gurus,
I tried searching for this but in vain. I keep flashing all the great roms posted here frequently. And every time i have to configure my email accounts from scratch and this is a real pain. Is there any way to backup the settings like we do in PIM backup and restore upon reflashing the ROM'S?
Help greatly appreciated...
Thanks,
Raj
prudviraj said:
Gurus,
I tried searching for this but in vain. I keep flashing all the great roms posted here frequently. And every time i have to configure my email accounts from scratch and this is a real pain. Is there any way to backup the settings like we do in PIM backup and restore upon reflashing the ROM'S?
Help greatly appreciated...
Thanks,
Raj
Same here, what is best method to backup & restore phone settings regardless of what ROM we are using.
What about Microsoft my phone?
get makisu from HERE
(it's a plugin to sashimi, but it will run standalone too)
run it, (it may take a few moments to start, be patient) enter your account details, add as many as you like, including wifi settings
tutorial video HERE
copy the xml file it creates (created mine as program files/makisu/makisu.xml)
get the microsoft cabinet sdk from HERE
extract it, and in the BIN folder is an .exe file called makecab.exe
I copied that file out to its own folder, I don't use anything else in the sdk.
put makecab.exe and makisu.xml in a folder together, rename the xml to _setup.xml
open a command line window, and browse to that folder.
(Useful tip for vista/7, with the folder open on screen, hold shift and right click, you will get the option to 'open command window here')
issue the command
makecab /D COMPRESS=OFF _setup.xml mail.cab
(set mail.cab to whatever.cab name you want)
That's it, copy the cab to your phone and run it when you need to set up your email accounts (and wifi if you set that too, very handy, I've automated 5 email accounts and 3 wifi networks)
(You could also just stop at the xml stage, and next time you hard reset, install makisu and then choose 'provision xml' and browse to the makisu.xml file and it will install the settings.)
@samsamuel - I've just found this post (after searching for "rename email account"!!) and it's awesome.....just what I've been looking for!! Now I can reload my mail settings whenever I flash....assuming I can find a way to rename the current (incorrect) mail account I just added, otherwise I'll have to go for the delete/re-create option
Thanks again for posting about "makisu" - shame I have to register on yet another forum I'll never use just to get it....unless it's hidden on XDA somewhere?
Mark.
This is all that you guys need.
This will take care of provisioning for Wi-Fi Configs, Email Configs and Certificates.
leepriestenator said:
This is all that you guys need.
This will take care of provisioning for Wi-Fi Configs, Email Configs and Certificates.
After you make the xml with the program, how do you access it on the phone for restoration of settings? I don't need it right now but I am making xml's since I have had to hard reset my phone 4x already (and not because I was flashing a ROM) and re-creating all the settings is such a pain. I read into the sashimi and makisu but those apps make my head spin. There has to be a simpler way. Thanks in advance.
Edit: I think I got it. Either I use Makisu to access the xml or make the cab using the post above. If I make the cab and I want to use Quick cab (since it is much easier to use), where does the file install? \Windows?? It was unclear from the previous post since the instructions are for a different cab making utility.
k8sh said:
Edit: I think I got it. Either I use Makisu to access the xml or make the cab using the post above. If I make the cab and I want to use Quick cab (since it is much easier to use), where does the file install? \Windows?? It was unclear from the previous post since the instructions are for a different cab making utility.
It doesn't install any files anywhere, not in the way you mean, it's just setting/changing/applying settings. Think of the xml file as a script that makes changes as it runs.
For me, I have makisu in my autoinstall folder, so it gets installed at hard reset, and I run the xml file (also on my sd card) manually when I am ready to apply it. (I flash a lot, so sometimes I don't want email setting up, because I am gonna flash again in a few minutes).
I no longer bother creating the cab, because with the xml file you can just open it in notepad and add another email account, make other small adjustments, whatever, which you can't do with a cab, you have to rebuild the whole thing from scratch. (For some reason wince cab manager can't open that cab.)
Well, if you are on a custom rom, every chef supports some form of UC or the other (User Customization).
In addition to Sashimi / Makisu you can also use SDConfig.txt & XDA_UC if your ROM supports it.
Google them and you'll find more info.
This looked like it would do the trick. When I run it I get a visual basic error. I have netcf v4 installed. Is there another file required to make this run?
