Hi,
here is a small tool that strips (removes) digital sign (Authenticode) from PE executable files like *.exe, *.dll, *.mui, etc. On error HRESULT is returned, i.e. 0x00000005 means that file is readonly.
Code:
C:\[snip]>delcert.exe OEM\OEMOpera\OperaWM.exe
Target file(s): OEM\OEMOpera\OperaWM.exe
Stripping file: C:\[snip]\OEM\OEMOpera\OperaWM.exe.
Succeeded.
C:\[snip]>delcert.exe OEM\OEM_Lang_0409\*.mui
Target file(s): OEM_Lang_0409\*.mui
Stripping file: C:\[snip]\OEM\OEM_Lang_0409\aboutprop.dll.0409.mui.
Succeeded.
Stripping file: C:\[snip]\OEM\OEM_Lang_0409\BKLBrightness.dll.0409.mui.
Succeeded.
Source is included. You may need to install Visual Studio 2008 C++ Runtime before running.
I can't believe no one posted thanks for this I just used it recently and it worked a charm! So, thanks! Appreciate your work.
deepred said:
Hi,
here is a small tool that strips (removes) digital sign (Authenticode) from PE executable files like *.exe, *.dll, *.mui, etc. On error HRESULT is returned, i.e. 0x00000005 means that file is readonly.
Code:
C:\[snip]>delcert.exe OEM\OEMOpera\OperaWM.exe
Target file(s): OEM\OEMOpera\OperaWM.exe
Stripping file: C:\[snip]\OEM\OEMOpera\OperaWM.exe.
Succeeded.
C:\[snip]>delcert.exe OEM\OEM_Lang_0409\*.mui
Target file(s): OEM_Lang_0409\*.mui
Stripping file: C:\[snip]\OEM\OEM_Lang_0409\aboutprop.dll.0409.mui.
Succeeded.
Stripping file: C:\[snip]\OEM\OEM_Lang_0409\BKLBrightness.dll.0409.mui.
Succeeded.
Source is included. You may need to install Visual Studio 2008 C++ Runtime before running.
Click to expand...
Click to collapse
Thanks for this...it fixed and issue I had when trying to remove a cert with another tool.
This sounds really interesting, however I was wondering what it can be used for? the certificates usully just provide authentication. Can this be used to bypass protection methods, or what are some real world examples of usage?
You're right, authenticode provides input data for Windows Mobile (originally Windows CE) policy mechanism which decides then if it is allowed to run the file or not. I used it to strip authenticode from OEM files taken from HTC devices before signing them with my own certificate (I usually sign files in my cooked ROMs). I.e. if file is already signed you can't sign it with another certificate until old one is removed.
Due to the fact that certificates are asymmetric you can sign files only with private certificates. That's why I use my own certificates.
To bypass the protection you need to get some how the private part and sign you file with it. Or you can just disable the security policy that enforces file origin check.
Thanks a lot for your work! Your neat little tool is just what I was looking for to be able to sign a Flash projector with my own certificate.
Thanks
Works beautifully when other tools didn't.
Works beautifully when other tools didn't ! Is Right !
Works beautifully when other tools didn't ! Is Right !
Worked Great Thanks - Just What I was Looking For !!!!!
Still working in Windows 8.1
Still working in Windows 8.1
It's great because I can remove the cert from bit torrent and any other group policy blocked programs on my school laptop
Great and awsome tool, this can be an asset for very good "hacks" :good:
Do you have any license requirements on your source or is it safe to assume this is public domain?
Thanks OP. Appriciste for your share
Sent from my DROID RAZR M using XDA Free mobile app
Useful for software publishers
We're using the delcert tool to avoid warnings with expired certificates. Our sign tool doesn't like exe files that already have a valid, but expired signature.
Related
Hi,
Just an util I got together in no time.
Rapi Enabler, certificate disabler.
Enable all the security on your Windows Mobile 5 phone.
Credits to the author of the ce remote tools.
Instructions:
1. Download the attached file (you have to be logged into xda-dev);
2. Extract it somewhere in your computer
3. Connect your phone via activesync
4. Run the EnableRapi.bat (on your computer)
5. Done.
Have fun,
Ricardo
How does it differ from this CAB file I pulled off the HTC Apache?
I use this in my Extended ROM so that I can run unsigned applications, CAB files, and CPF files during the initialization procedure after a hard reset.
Hi BTT,
This is based on that exact cab. The only difference in enabling RAPI calls also, and doing it without needing user interaction, only needing a activesync connection.
Is a little utility I use for integration into batch files.
Bye,
Ricardo
Certificate disabler..
Probably a dumb question, but is it a replacement fort certchk on 2003 devices? Still looking for such a program.
Thx
Thanks Machinegod, this worked well. I used it on an XDA exec will it work with all WM5 devices?
Hi Machinagod
Is there a way i can call your routine from code?
I have developed software for WM5 but cannot access the database with the standard MS settings. I would like to give my users the option to unlock the rapi calls and install automatically.
Thanks in advance
Steve
ronaldovic said:
Certificate disabler..
Probably a dumb question, but is it a replacement fort certchk on 2003 devices? Still looking for such a program.
Thx
Click to expand...
Click to collapse
to ronaldovic: I believe this utility is for disabling signed applications so you can install apps that have not been signed. I have used BTT cert cab in my extended rom since he posted it (Thanks BTT, It has been very usefull)
If you are looking for disable cert check so you can activesync with MS exchange without a a SSL . Certificate connection, Micro$oft still offers a download to disable the cert sync check..
see http://www.microsoft.com/downloads/...b8-8b3a-4f1d-8e94-530a67614df1&displaylang=en
Miracle Registry
i checked many registry of "Security policies" in different device, and also SDK.
http://asukal.seesaa.net/article/12583144.html
You can understand how change it for your neccesity.
this was for your refference.
and also i got made one registry file which has many "Certificate Sotre"
from different setting devicees and CABs and SDK Emu.
This registry make your device to enable working many kinds of dll and exe or any other files without digital signed(not for all)
multi user interface files also can effect without digital signatures.
(shellress still can not, but worked with Smartphone signature)
The security revel will be same or lower than SDK emu.
but not completely finish to edit it.
so possibility of some side-effect or unkown problem.
Hope understand this point and use it as test.
But once you use this registry, you got understand why i said it miracle.
just import this registry and make soft reset.
"syntac error" displayed when you import this, but works.i will cheking the reason of this error.
lets test it.
Re: MachinaGod RAPI Unlocker - certificate disable on WM5 v0
I try to use it on my new Jamin but nothing happen.... Prog still not work.
Pls I'm a newbe, Can you help me ?
Thanks a l ot
Hi MachinaGod,
Could you tell me please what exactly this RAPI unclocker is doing? Is it possible to undo it? RAPI locker or something? Is there any security threat after you execute tis program?
Thank you!
cingular
please tell me what tool can unlock (simlock) my cingular 8525, Thank you very much!
hmmmmmmmmytfghvghdgfgfdtrsdr
unlocking spv m1500
hello,
i tried the RAPI unlocker but it did not work,
could it be because my Pocket pc is running 2003 CE?
hi
someone can send me the file i can download him pls
and one qwuestion this unlock mi simlock???
htc 8125 need help please
machinagod said:
Hi,
Just an util I got together in no time.
Rapi Enabler, certificate disabler.
Enable all the security on your Windows Mobile 5 phone.
Credits to the author of the ce remote tools.
Instructions:
1. Download the attached file (you have to be logged into xda-dev);
2. Extract it somewhere in your computer
3. Connect your phone via activesync
4. Run the EnableRapi.bat (on your computer)
5. Done.
Have fun,
Ricardo
Click to expand...
Click to collapse
i have a htc 8125 and tried your method and it never gave me a code but when i put my sim card in it says sim lock and unlock? explain how to unlock this d$$m phone.It is a cingular phone but i dont have that service.it is version 2.25
[email protected]
Hello all,
Attached is a simple CAB file that should have set the PIE user-agent stuff to be identifying the thing as IE6. I think there may be others around, I know I've seen it in a larger cab, so don't worry about this specific function. My question is regarding the fact that when I try to run it on my HTC Wizard (running WM5), I get "Installation of PIE_as_IE6.cab was unsuccessful".
I built the CAB off of the "CAB Template.cab" from http://forum.xda-developers.com/viewtopic.php?p=113615#113615 - just in case I'd run into that version issue with WM5.
Any thoughts out there on what's wrong with the CAB? Or is there a different reason it won't install?
Hi, what CSP are you using to change those settings and how are you deploying it to the device? Chances are access to that provider is restricted to a higher security role than what the cab file has permissions to do. RAPI still has access to most service providers by default but if you're downloading the cab over the air to the device it'll probably need to be signed with a suitable certificate before it's allowed to make setting changes. Mobile 5.0 security has been beefed up and its now a bit of a mission to do what was reasonable simple to do on 2003. All cpf files need to be signed if not deployed over RAPI as well, for even something trivial like adding a browser favourite.
editor is OCP Software's WinCe Cab Manager (version: 1.1)
deploy method is copy over USB cable by ActiveSync through Total Commander+WinCe Device access plugin. Execution of CAB is on the device itself through Total Commander CE or Explorer.
No CSP in use (err.. afaik).
You may be right that the part of the registry in question may simply be unavailable to access without special signing. I'll have to dig for those keywords a bit.
Yeah...the more I research Mobile 5.0 security the steeper it gets. It seems security permissions extend all the way to file IO access. Writing certain recognized system files (like theme files) without adequit permissions effectively renders those files as untrusted and they stop behaving in their expected manner. Its a pain.
We need to update one of our old pocketpc programs to Windows Mobile. It's a pretty simple program, but I'm not a C#/VB programmer.
For a visitor center we give the visitors a PDA with a flash interface. The only thing the wrapper needs to do is:
Play a flash7 file Fullscreen (regardless of resolution on screen)
Disable all hardware keys (but send to flash) and flash right click if possible.
Receive quit & reset command from Flash
Flash Lite is not an option as we use flash communication server for all communication.
This was no problem for PPC2003, but the old program does not work in WM5/6. Since we have simplified our wrapper functionality I thought it would be simple to create a new flash wrapper. I can preinstall the flash7 plugin.
Option 1: I've managed to get a C# file running if I embed IE and let that open a html with a swf, but I still need to block all hardware keys and flash right click. I've tried several things, but nothing works. It also seems like using IE inbetween is a bad solution. Embedding the flash player directly by adding it as a reference like the VB example below.
Option 2: I VB if I add the flash.dll (extracted from cab file) as a reference and run the following code:
Code:
Dim FlashObj As New ShockwaveFlashObjects.ShockwaveFlash
FlashObj.Movie = "main.swf"
I don't get a error, but I also don't get a visible flash file...
Any ideas? I know several people need to play flash files on wm5/6 as Zinc and other commercial wrappers don't support it.
I would pay for a product like this
Hi,
With the normal HTC HD rom, I installed a SSL certificate (*.crt file), by using the file-explorer, and clicking on the file.
Now I installed Dutty's latest rom, and I tried to install the certificate by clicking on it, and it tells me no program is associated with *.crt files.
Is there some other way I can add the certificate to the certificate storage? I use an exchange server that have a self-signed certificate. I had it working before I flashed the rom, so I know its possible, question is how
I hope one of you smart guys know how to do it
Thanks
- Ceder
I needed to install wildcard certificate that my company uses for Exchange. After 2-3 hours of fight (using .crs files doesnt worked well) I found a way:
1. Get "Microsoft SSL ChainSaver" and use it to obtain certificate you need
you will get 2 XML files - for HD use that one for WM6 and rename it to _setup.xml
2. Use "makecab" (got it by default in Vista Business - dont know other OS'es) to make CAB file from _setup.xml.
3. Install CAB file on your device
Rgds,
W.
Thanks! Worked perfectly!
Thread closed as OP removed its content.
- Oswald Boelcke
*********************
e
jastahooman said:
In developing...
Click to expand...
Click to collapse
interesting... looking forward to this
Wow! Waiting impatiently. Will that be bare-bones WM 6.5 or with Sense?
Looking forward to it
Nice, can you please send me kitchen, i also have a solution for the expired certificate problem so you can surf the web. You can extract them from Windows 7, 8 , 10 in the right format and then install with the Builtin certificate manager.
If someone can share them from Windows 10 in a supported format, cer does work maybe der, crt sstl but pem cant be read or converted to the other Formats without private Key.
HERE IS THE SHORT TUT AND FULL TUT LINK
Updating List of Trusted Root Certificates in Windows | Windows OS Hub
All Windows versions have a built-in feature for automatically updating root certificates from the Microsoft websites. MSFT, as part of the Microsoft Trusted Root Certificate Program, maintains and publishes a…
woshub.com
AND HOW TO GET ALL FRESH WIN10/WIN11 Certificates
certificates using the Sigcheck tool. This tool allows you to compare the list of certificates installed on the computer with the list of root certificates on the Microsoft website (you can download an offline file with up-to-date certificates authrootstl.cab).
You can manually transfer the root certificate file between Windows computers using the Export/Import options.
You can export any certificate to a .CER file by clicking on it and selecting All Tasks -> Export;
You can import this certificate on another computer using the option All Tasks -> Import.
Certutil: Download Trusted Root Certificates from Windows UpdateCertutil.exe CLI tool can be used to manage certificates (introduced in Windows 10, for Windows 7 is available as a separate update). It can be used to download an up-to-date list of root certificates from Windows Update and save it to an SST file.
To generate an SST file on a computer running Windows 10 or 11 and having direct access to the Internet, open the elevated command prompt and run the command:
certutil.exe -generateSSTFromWU C:\PS\roots.sst
Updated SST file.
CertUtil: -generateSSTFromWU command completed successfully.
Click to expand...
Click to collapse
You can visit archive.org after adding the certs uploaded in this post, from the Fileexplorer.
It ewould be nice if someone could start a certficiates megathreads,Contianing the ones used by Webbrowser other OSes etc to and the standard Windows Moible Root CAs.
Windows Mobile Root Certificates - Connectivity Analyzer
If the Microsoft Remote Connectivity Analyzer is unable to follow the certificate chain to the trusted root, then it displays the following error: "The security certificate on the server is not valid. Support code: 0x80072f0d."
docs.microsoft.com
Namely
Certificate Authority5.05.0 + MSFP6.0Thawte Server CAYesYesYesThawte Premium Server CAYesYesYesGTE CyberTrust RootYesYesYesGTE CyberTrust Global RootYesYesYesSecure Server Certification Authority (RSA)YesYesYesGlobalSign Root CAYesYesYesEntrust.net Secure Server Certification AuthorityYesYesYesEntrust.net Certification Authority (2048)YesYesYesVerisign Class 3 Public Primary Certification AuthorityYesYesYesVerisign Class 2 Public Primary Certification AuthorityYesYesYesEquifax Secure Certificate AuthorityYesYesYesValiCert Class 2 Policy Validation AuthorityNoYesYesAAA Certificate Services (Comodo CA Limited)NoNoYesAddTrust External CA RootNoNoYesBaltimore CyberTrust RootNoNoYesGo Daddy Class 2 Certification AuthorityNoNoYesStarfield Class 2 Certification AuthorityNoNoYes
There is also a new Windows Mobile build reuglary updated
Download Windows Embedded CE 6.0 Cumulative Product Update Rollup Package (through 12/31/2015) from Official Microsoft Download Center
www.microsoft.com
You can find sysbuilders with searching for
Windows Embedded CE 6.0 R3or under its prerename
Windows Embedded Compact
docs.microsoft.com
There are several variants bu kernel seems to be same.
So maybe this helps.
There is also a new Windows Mobile Build and UPdate from 2016
Download Windows Embedded CE 6.0 Cumulative Product Update Rollup Package (through 12/31/2015) from Official Microsoft Download Center
www.microsoft.com
Windows Embedded Handheld
docs.microsoft.com