UIDumpViewer 1.1 - Windows Mobile Development and Hacking General

Hi all,
I think this forum is the right place for such king of things. I want to share an updated Windows CE log dump tool. The original version of the tool is called UIDumpViewer 1.0 and located at http://www.microsoft.com/downloadS/...28-09e4-4a87-a8e4-a06f2352b754&displaylang=en.
I'm working on a very big Windows Mobile project and due to bugs in this tool it was impossible to see any info from Dr. Watson dump files. There were exceptions while loading either kdmp or pdb files. The original files have been decompiled using .NET Reflector. I've fixed some bugs, compiled it back and now the tool works much better ( at least for me ).
I've also implemented a small console viewer. You can find both two tools as well as all sources in attachment. FYI: you could use a great tool called CrashFinder 2.5 developed by John Robbins at http://www.wintellect.com/CS/blogs/jrobbins/archive/2006/04/19/crashfinder-returns.aspx. This utility helps you determine the line of code by exception address.

Hello,
great job. Got some hints:
msdia71.dll ist required and must be registered correctly (PB5 uninstaller removed the DLL but failed to unregister it so I wondered why nothing worked)
IDiaDataSource::loadAndValidateDataFromPdb is called for loading the PDB (will also validate it). In case one is sure that PDBs match the binaries except for the time stamps one should call IDiaDataSource::loadDataFromPdb instead and skip the validation.

Related

Compiling tcpmp player

Hello, i was trying to compile TCPMP Player for WIN32 and i got following error.
PHP:
Performing Custom Build Step
'yasm' is not recognized as an internal or external command,
operable program or batch file.
Project : error PRJ0019: A tool returned an error code from "Performing Custom Build Step"
Build log was saved at "c:\cc\tcpmp.src.0.72RC1\tcpmp\common\Debug\BuildLog.htm"
common - 1 error(s), 0 warning(s)
I version is tcpmp.src.0.72RC1 and compile with VS2005/2008. It compile ok for PPC / WINDOWS MOBILES. But i found WIN32 project on http://picard.exceed.hu/ and try to compile for WIN32. I start compile "common" project as it is depend for all project and it give that error.
So has anybody have experience compiling TCPMP for WIN32 and anybody know what error is that.
Many thanks
Can't help but have some sources you may like...
I'm no coder but I've been keeping an eye on every TCPMP build that pops up... Since this is still the very best free media player and since the unnofficial builds have a tendency to eventually die out I've been collecting sources I find relevant.
milesmowbray released a vs2008 build and sources. He gives info there. Also check this post by Invario which has a higher max char limit which fixes streaming from Youtube.
If you plan on adding subtitles there is a moddified source of core components (you may want to apply any needed changes to milesmowbray sources and make a separate subtitle.plg file from these sources). They don't have Intel XScale support...
To fix possible ID3v2 Unicode issues or add Pocket Scrobbler (Last.FM) capabilities I found these sources.
There are also some mods of the sources of ffmpeg.plg that add flv1 (works better than the official one with all other formats too) and flv4 (version 0.54 works fine but I can't get 0.55 to work). It would be cool if these were merged into a single plugin.
The avc/h264 source of the plugin that circles in many unnofficial builds seems to be lost but I found the TCPMP MX27 project.
I'd love to see a new PPC build.... You can find all these sources and more in my signature (they sould also be good for Win32). Also please do share any modified sources and builds you make
Hope it helps.
Hello, Many thanks for your reply and sources. I have been look at all the sources you have provided , some of them are very useful when i go ahead for the next step.
For the compiling info for WIN32, i have look at readme file and all the web as well , but there is not much i can find.
I am not a good programmer , also in this case i am not trying to modified the source of the way the player work, but i do think it is the only concern is the project setting or some setting file in the solution.
What i have found out so far is even thought this error , i can generate all library(lib) files (but no .plg file ) and i can get TCPMP WIN32 output file and i can run this application ON MY PC with the precompiled libraries from the web. So i also think the only problem i got now is to compile the "common" project and if this project setting error (Project : error PRJ0019: A tool returned an error code from "Performing Custom Build Step" ) goes way , all the other projects that depends for this project might be ok. So i need to find out how to set up project setting for "common" project.
Many thanks
I found another project at SourceForge that has a Win32 build and sources aswell as a wiki. It's OpenSVC decoder.
As another alternative pudn.com has a lot of sources/documentations/configs up for download (you need to upload some sources to be able to download from there...). Site seems to work best using IE.
Many thanks for your info, OpenSVC decoder is built for WIN32 and there is WIKI explanation , i need to install YASM to compile this. After install this still getting similar error. But this site is a good start to compile for WIN32 and i will keep on trying base on this. For pudn site , there is WIN32 build as well but it always problem when i upload files since last year, so i give up now.
Anyway many thanks for your time and info.
No problem. Just make sure you release your builds and sources in the forum if you ever do anything for PocketPCs.

Need help installing the Android SDK

I've read the other threads about this but there is no help to be found there unfortunately.
I've been playing with App Inventor because I wanted to avoid learning Java but my think now is that seeing as I do JavaScript/PHP/mySQL and HTML/CSS anyway I might as well do my app development properly.
I've been following the instructions at the official developer.android.com site.
and the part where I have the problem is with Eclipse - at step 1 on that page. I've installed the JDK but when I try to install Eclipse I get an error telling me that there is no Virtual Java machine in the eclipse\jre\bin\ folder.
Well I'm following the instructions so what can I do about this? I don't even understand the error. Is there supposed to be a file in this folder, a folder which a.doesn't come with the standard Eclipse .zip file and which b.doesn't exist at all!
I tried this all before some time ago and got the same problem. At that time I couldn't even use App Inventor because of some JDK/JRE problem but I un-installed and reinstalled Java and App Inventor is working now.
This is one of the most frustrating computing problems I've faced because I've searched all over for an answer and there is nothing out there. Frankly I'm a little surprised at how poor the installation documentation is
The only thing I can think of is I have the wrong version of Eclipse. Which exact one is everyone else using?
Hello Subjective Effect. There is not a folder named eclipse\jre\bin in eclipse installation folder. The version i m using is eclipse-helios. I was not faced the problem you have.
I've solved that part of the problem by downloading a different version of Eclipse. It is a Helios version and is the one with Java. The installation instructions are not clear on this.
I now have another issue but I'll try work that out for the time being.
So I've no idea (again because the instructions are so poor) what to do about this.
I'm on the Android Developers site and trying to start the Hello World tutorial. I'm already stumped at the stage of creating a New Project because after I set up Project name, Application name, Package name and Create Activity clicking "Finish" gives this error:
[2010-10-28 01:33:03 - HelloAndroid] ERROR: Unable to open class file C:\workspace\HelloAndroid\gen\com\subjectiveeffect\helloandroid\R.java: No such file or directory
The reason I think the docs are poor is am I supposed to have created this directory or does Eclipse create it for you? And if it's supposed to be created for you what am I doing wrong?
Subjective Effect said:
So I've no idea (again because the instructions are so poor) what to do about this.
I'm on the Android Developers site and trying to start the Hello World tutorial. I'm already stumped at the stage of creating a New Project because after I set up Project name, Application name, Package name and Create Activity clicking "Finish" gives this error:
[2010-10-28 01:33:03 - HelloAndroid] ERROR: Unable to open class file C:\workspace\HelloAndroid\gen\com\subjectiveeffect\helloandroid\R.java: No such file or directory
The reason I think the docs are poor is am I supposed to have created this directory or does Eclipse create it for you? And if it's supposed to be created for you what am I doing wrong?
Click to expand...
Click to collapse
Mine seems to have that error no matter what I type in.
So what have you done about it? Or can I continue without worrying, is this a trivial error message?
1) you should download Eclipse 3.5.2 as Helios is not supported by Android plugin yet.
http://www.eclipse.org/downloads/packages/eclipse-classic-352/galileosr2
2) R.java problem should go away if you restart eclipse
Also, to start with better use the existing sample project HelloWorld rather than setting up your own.
This is a common known bug. You can use the latest eclipse version, once you setup a project, you will have to go under project properties and choose compiler version 1.6, which is set to 1.5 usually.
Tha will solve the problem, because i was facing the same a few days ago when starting to mess with SDK and Eclipse.
I had a similar problem and gave up for awhile and when I came back to it I found out that I didn't have my paths set correctly for the java jdk, not sure if that is it but it worked for me.
I find if I restart Eclipse it fixes things.
I've been playing with layouts!

Fiddlin with WIndows Updates

So after reading about all the App Store hacks that have developed around Fiddler2, I decided to give it a go myself. After setting up the proxy, I noticed that most SSL-based transactions were failing to connect on my device (Windows Updates, Email, etc).
I exported the SSL cert that fiddler 2 installed on my development PC, emailed it to myself, and installed it on my Windows Phone device. LO and Behold, Most of my SSL issues went away! (App store still woudn't auth). More Interestingly, Windows Updates started checking for updates successfully. These transactions are done with SOAP calls.
The basic process is as follows:
1. Phone initiates a connection to the windows update server
2. a series of cab files are downloaded containing certificate and base URL info of the update server
3. the phone connects to the update server with a list of all updates it has installed as well as a unique device identifier.
4. the server responds with a list of updates that it wants the phone to evaluate.
5. If the phone decides it needs the update, it sends a request to the server for instructions to deter
6. the server responds with a specially crafted packet that contains a link to where the microsoft cab can be downloaded from as well as a checksum of the cab file and evaluation instructions to determine if the update is needed. (checking registry keys, etc the SOAP commands contain things like RegRead32)
7. the phone then downloads and installs the update, if needed.
Fiddling around with fiddler, I was able to remove the "filter" GUID from the phones request to the server. As a result, it evaluated and installed any update it could get its hands on. The Hardware Test app still shows that my last update was 5/1/2013, but the number of updated packages included in that update jumped from 83 to 200!
I have some more experiments I would like to try (such as trying to blindly write a reg key instead of just reading it...anyone know of a good one?). I am also wondering if I can somehow package a Microsoft cab file, and tell the update mechanism to download and install it. Depending on how it evaluates the cabs, I might be able to get away with signing the cab with the private key from the Fiddler certificate I installed.
Just thought I'd pass along
Very, very nice finds! I had noticed the cert pinning used on the store and on dev-unlocking, but apparently had failed to look into the update process.
Give me a little while and I'll find you the reg key used for dev-unlock. I can't guarantee you that I'll be able to give you the exact value you need - they seem to have changed the format since WP7, and I'll be working blind from templates and policy files here - but it's worth a shot. Mind you, I wouldn't be surprised if the whole process is read-only, or if the responses from Microsoft are signed (although you could try re-signing them, I guess). For what it's worth, creating an entire update from scratch (or even editing one) is unlikely to work; Windows has required a Microsoft signature (not just any trusted signature) on update files for many years now. It's certainly possible that they messed that up, though.
I also kind of want to see if some of the recent ZIP signature validation bypass exploits from Android (where you could create a ZIP file containing multiple files that have the same name, and the original would be used for the signature but the *last* copy of each file would be the one actually unpacked) might be made to work as well. I've got some ideas about that... not sure if it would work for the update format, though.
Please keep researching this!
Not that i seriously looked into that, but you may probably consider these entries as interesting
Code:
[HKEY_LOCAL_MACHINE\Software\Microsoft\DeviceReg\Install]
"MaxUnsignedApp"=DWORD:A
[HKEY_LOCAL_MACHINE\Software\Microsoft\PackageManager]
"EnableAppLicenseCheck"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\PackageManager]
"EnableAppSignatureCheck"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\PackageManager]
"EnableAppProvisioning"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\.NETCompactFramework\Managed Debugger]
"Enabled"=dword:0
"AttachEnabled"=dword:1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Silverlight\Debugger]
"WaitForAttach"=dword:1
Some of those might get obsolete already, though.
Though, the most interesting thing one can do with registry is enabling KD.
For what it's worth, creating an entire update from scratch (or even editing one) is unlikely to work; Windows has required a Microsoft signature (not just any trusted signature) on update files for many years now.
Click to expand...
Click to collapse
Yeah
I've never really looked at the fact: which certificate is used by actual cabs? look at *.cat file
GoodDayToDie said:
Very, very nice finds! I had noticed the cert pinning used on the store and on dev-unlocking, but apparently had failed to look into the update process.
Give me a little while and I'll find you the reg key used for dev-unlock. I can't guarantee you that I'll be able to give you the exact value you need - they seem to have changed the format since WP7, and I'll be working blind from templates and policy files here - but it's worth a shot. Mind you, I wouldn't be surprised if the whole process is read-only, or if the responses from Microsoft are signed (although you could try re-signing them, I guess). For what it's worth, creating an entire update from scratch (or even editing one) is unlikely to work; Windows has required a Microsoft signature (not just any trusted signature) on update files for many years now. It's certainly possible that they messed that up, though.
I also kind of want to see if some of the recent ZIP signature validation bypass exploits from Android (where you could create a ZIP file containing multiple files that have the same name, and the original would be used for the signature but the *last* copy of each file would be the one actually unpacked) might be made to work as well. I've got some ideas about that... not sure if it would work for the update format, though.
Please keep researching this!
Click to expand...
Click to collapse
Will do! Here is where it gets interesting...The attached screenshots are of a SOAP request from my phone to the update server (I disabled filtering, so the GUID isn't present) and then it's response for "missing" updates to evaluate.
the section labeled "xml" contains the instructions on how to evaluate if the update is needed.
here is a cleaned up, friendly dump of what is in the "XML" section it needs to parse to determine if an update is applicable:
Code:
<UpdateIdentity UpdateID="f092f820-8161-410b-ab11-c7a6d36b7837" RevisionNumber="101" />
<Properties UpdateType="Software" />
<Relationships>
<Prerequisites>
<UpdateIdentity UpdateID="eb644fbf-5e6e-4719-b97c-485ffb9e867f" />
<AtLeastOne>
<UpdateIdentity UpdateID="450b8808-d056-4c18-a383-2db11e463eb0" />
</AtLeastOne>
</Prerequisites>
</Relationships>
<ApplicabilityRules>
<IsInstalled>
<CspQuery LocUri="./DevDetail/SwV" Comparison="GreaterThanOrEqualTo" Value="9.0.0.0" xmlns="http://schemas.microsoft.com/msus/2002/12/MobileApplicabilityRules" />
</IsInstalled>
<IsSuperseded />
<IsInstallable>
<And xmlns="http://schemas.microsoft.com/msus/2002/12/LogicalApplicabilityRules">
<CspQuery LocUri="./DevDetail/SwV" Comparison="LessThan" Value="9.0.0.0" xmlns="http://schemas.microsoft.com/msus/2002/12/MobileApplicabilityRules" />
<b.RegSz Key="HKEY_LOCAL_MACHINE" Subkey="Software\Microsoft\Windows\CurrentVersion\DeviceUpdate\Agent\Protocol" Value="TestTarget" Comparison="EqualTo" Data="72c5dc6d-00a9-412f-9d13-f4f483f2ed7f" xmlns="http://schemas.microsoft.com/msus/2002/12/BaseApplicabilityRules" />
</And>
</IsInstallable>
</ApplicabilityRules>
an interesting URL with info from someone else that was looking into this for Win7...
http://withinwindows.com/2011/03/06/notes-on-windows-phone-7-update-process-thus-far/
I wonder if we can figure out what "updates" are actually required if we can trick the server into giving us more OOB updates/othercarrier updates/updates we aren't "supposed" to have..
Found some info on the "Evaluate" action:
Action: The action that clients in the specified target group will perform on this revision: Install, Uninstall, PreDeploymentCheck (which means that clients will not offer the update, just report back on the status), Block (which means that the update will not be deployed, and is used to override another deployment), Evaluate (which means that clients will not offer the update and will not report back on the status), or Bundle (which means that clients will not offer the update for install; it is only deployed because it is bundled by some other explicitly deployed update).
Click to expand...
Click to collapse
source:
http://msdn.microsoft.com/en-us/library/cc251980.aspx
I was also messing with fiddler and I noticed my phone access two different places when a phone update is selected. One of the pages is: http://ds.download.windowsupdate.com/wp8/MicrosoftUpdate/Redir/duredir.cab . In that cab is this file wuredir.xml and consists of:
<?xml version="1.0"?>
<WuRedir xmlns="http://schemas.microsoft.com/msus/2002/12/wuredir" redirectorId="1002">
<Protocol
elementVersion="1"
clientServerUrl="https://fe1.update.microsoft.com/v6/"
reportingServerUrl="http://statsfe1.update.microsoft.com/" />
</WuRedir>
the second page accessed is: http://fe1.update.microsoft.com/WP8/MicrosoftUpdate/Selfupdate/5_UssDetection.dll
I hexed the .dll after download and found some download links to some cert files, which are:
Microsoft Windows Phone Production PCA 2012.crt
http://www.microsoft.com/pkiops/certs/Microsoft Windows Phone Production PCA 2012.crt
MicRooCerAut_2010-06-23.crt
http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
MicTimStaPCA_2010-07-01.crt
http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt
can any of this info help us?
If either that DLL or any of those certificates are not signed (highly unlikely, but worth checking), or if the DLL doesn't enforce the signature check (extremely unlikely), or if any of the certs include the private key or use a weak hash algorithm or a short key... maybe. I checked the certs, though; they at least are clean. Nothing useful that I saw.
Reverse engineering the DLL may be useful, but it's probably native code and therefore a pain to decompile.
aclegg2011 said:
I was also messing with fiddler and I noticed my phone access two different places when a phone update is selected. One of the pages is: http://ds.download.windowsupdate.com/wp8/MicrosoftUpdate/Redir/duredir.cab . In that cab is this file wuredir.xml and consists of:
<?xml version="1.0"?>
<WuRedir xmlns="http://schemas.microsoft.com/msus/2002/12/wuredir" redirectorId="1002">
<Protocol
elementVersion="1"
clientServerUrl="https://fe1.update.microsoft.com/v6/"
reportingServerUrl="http://statsfe1.update.microsoft.com/" />
</WuRedir>
the second page accessed is: http://fe1.update.microsoft.com/WP8/MicrosoftUpdate/Selfupdate/5_UssDetection.dll
I hexed the .dll after download and found some download links to some cert files, which are:
Microsoft Windows Phone Production PCA 2012.crt
http://www.microsoft.com/pkiops/certs/Microsoft Windows Phone Production PCA 2012.crt
MicRooCerAut_2010-06-23.crt
http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
MicTimStaPCA_2010-07-01.crt
http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt
can any of this info help us?
Click to expand...
Click to collapse
Those are the first steps in the update process. Basically, it gets the certs that it will use for validation and server communication. then the CAB file contains the info on what servers are used for Windows Update communications. It then logs that a request has been made to the tracking server. After that, it gets a list of updates from the v6 address. If there are no updates, Once the update process is complete, it logs the result to the tracking server.
Do you guys think I could use this to fix the problems I seem to have when trying to stream or download music from Xbox Music? I get a lot of errors, or this song can't be played on your device and some times the app crashes. I have had this problem since I switch from my Windows Phone 7 device to my Nokia Lumia 920, and I am on my 4th 920. I think for some reason the Music store is getting botched certificates or something.
Kind of on the same subject. anyways i extracted around 140 Certificated from a HTC 8x Ruu. then installed them to my pc. Which is windows 7. The cool part was i was able to install windows phone sdk 8 and 8.1 with emulators and visual studio 2013. which i though all of these were not possible to run on windows 7. all because of certificates from a rom.

Fix - Apps and websites not working after certificates expire

As identified in this post http://forum.xda-developers.com/showpost.php?p=65344931&postcount=10 lots of apps and websites have stopped working over the past year or so (depending maybe on your ROM). This has been traced to the root certificates (used to trust websites and set up secure ssl connctions) becoming out of date. Modern devices also have many more root certificates installed by default.
Note that this doesn't fix the google market on the nook touch, nor the kindle book store. It does fix the kindle app for syncing books purchased elsewhere.
I'll port the instructions over into this post later (see the link above for now). It requires root (so is slightly risky).
If you identify any more failing sites, please provide an https link which fails to open on the nook (but does work on a PC) and I'll add the root authority to my files. Anyone working on ROMs is welcome to redistribute my cacerts.bks
<reserved>
Aargh!
tshoulihane said:
As identified in this post http://forum.xda-developers.com/showpost.php?p=65344931&postcount=10 lots of apps and websites have stopped working over the past year or so (depending maybe on your ROM). This has been traced to the root certificates (used to trust websites and set up secure ssl connctions) becoming out of date. Modern devices also have many more root certificates installed by default.
Note that this doesn't fix the google market on the nook touch, nor the kindle book store. It does fix the kindle app for syncing books purchased elsewhere.
I'll port the instructions over into this post later (see the link above for now). It requires root (so is slightly risky).
If you identify any more failing sites, please provide an https link which fails to open on the nook (but does work on a PC) and I'll add the root authority to my files. Anyone working on ROMs is welcome to redistribute my cacerts.bks
Click to expand...
Click to collapse
I've been using your updated cacerts.bks file and it is great. In January another certificate expired and I'm fairly confident it's the reason a news app (News Republic) started throwing up security certificate errors and refused to connect with the server. I think I need to be able to do the certificate updates, but I am trying to avoid going down the SDK road (a massive download I will never use for anything else) and all those complexities.
Except, nothing else seems to work. There is an ancient thread in which people discuss various ways to update pre-ICS cacerts. Unfortunately, none of them work--I've tried them all. The browser idea seems promising and Opera Mobile responds as described, but then nothing happens to the cacerts.bks file.
Portecle looks really promising (images below). It can obviously open and inspect the cacerts.bks file (password: changeit). It shows the additions you made and also indicates the expired certificate.
So I went searching for a replacement and found something that seems like the right thing (attached as a zip). It imported easily into Portecle and then appeared along with the new ones you added.
Then I returned the file to the NST and made the permissions the same as the old file. A reboot put me in a loop out of which I just barely managed to recover by inserting my NookManager card at just the right moment.
So I don't get it. The bouncycastle files recommended in the CAcerts wiki for this task are too old to be available. Surprise.
I'm tempted to NOT fix the permissions on the cacerts.bks file when I return it to the NST because I once had a similar problem with a settings.db file and it turned out that restoring the "correct" permissions resulted in a bootloop while leaving them as they were when the file was copied back made it all work just fine. But I'm too timid to try that just now.
Any insights?
From my linked thread,
Download http://www.bouncycastle.org/download...dk15on-146.jar - this is used locally on your PC to manipulate the certificates and needs to be version 146 or 147 to work with android (or old android at least)
Click to expand...
Click to collapse
It seems that when I used a different version, I got a bootloop. Although the link I referenced seems to have died, the filename still turns up plenty of hits. http://polydistortion.net/bc/download/ for example (version 1.47).
I agree its a lot of pain, and I'm not sure I still have the toolchain download that I used for this work. I'll have a dig around...
tshoulihane said:
From my linked thread,
It seems that when I used a different version, I got a bootloop. Although the link I referenced seems to have died, the filename still turns up plenty of hits. http://polydistortion.net/bc/download/ for example (version 1.47).
I agree its a lot of pain, and I'm not sure I still have the toolchain download that I used for this work. I'll have a dig around...
Click to expand...
Click to collapse
Yipes. Well, I downloaded the jar file (many thanks...I did search on the file name and came up empty) and followed your example on the other thread. Everything behaved as it should. Except for the boot loop....... This time it was even harder to get out of it.
Two possibilities come to mind. My JDK is 1.8.0_73. Maybe that's too new to work properly. The other is that the certificate, despite playing nicely as far as console feedback went, is of the wrong format, although this does not show up in the feedback or in Portecle.
Anyway, I'm sufficiently intimidated now that I'm not going back there unless I have a better way of getting out of boot loops (since I'm doing ADB over Wi-Fi).
Edit: temptation... So I went back to the CAcerts Wiki and noticed they suggest Java 6. Now, of course, the Wiki is old, but so is the Java underlying the NST, so I found an install of Java 6 and put it on the laptop we have attached to the TV (which runs Kodi and very little else). Then I repeated the entire procedure with--supposedly--all the right components. Same dreaded bootloop. So either the certificate I have has an incompatible format, or I am just hopeless at this. Maybe both
all of the old bouncy castle api releases are archived on their ftp server under ftp://ftp.bouncycastle.org/pub. i managed to find the .jar files referenced in the other thread on there and updated my cacerts.bks using the cacerts wiki instructions a few days ago. hope it helps you. using the newer release gave me a bootloop as well, but once i grabbed the older version from their ftp all was good!
shadylady said:
all of the old bouncy castle api releases are archived on their ftp server under ftp://ftp.bouncycastle.org/pub. i managed to find the .jar files referenced in the other thread on there and updated my cacerts.bks using the cacerts wiki instructions a few days ago. hope it helps you. using the newer release gave me a bootloop as well, but once i grabbed the older version from their ftp all was good!
Click to expand...
Click to collapse
Which java version were you running?
Edit: Hmm....I'm not having any luck with the link you provided. Using an FTP client I am asked for a logon and in my browser (Firefox) it never connects.
Here we go: http://www.bouncycastle.org/archive/
Remains to be seen if that will do the trick for me...
the bootloop version was whatever bouncycastle.org has as their latest release.
the one i downloaded from the ftp that didn't bootloop was this one: bcprov-jdk16-146.jar
you'll need to ftp in and use the password "anonymous" and some bogus email to get onto the ftp. from that web version of the archive it should be this package: http://www.bouncycastle.org/archive/146/bcprov-jdk16-146.tar.gz
i'm running mac, so my default java was 1.6. i updated to 1.8 but that happened after i got this all up and running already. this was the version that was default:
$ /Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Commands/java -version
java version "1.6.0_65"
Java(TM) SE Runtime Environment (build 1.6.0_65-b14-468-11M4833)
Java HotSpot(TM) 64-Bit Server VM (build 20.65-b04-468, mixed mode)
so jdk 1.6 + API 146 (or 147?) seems to be the proper mix.
at first i thought it wasn't working, because although i updated the cacerts.bks, the amazon kindle app kept saying "incorrect email/password". took me a while before i read the entire thread and realized that amazon now does two-step authentication so i had to enter the one time passcode they had sent to my email.
nmyshkin said:
Which java version were you running?
Edit: Hmm....I'm not having any luck with the link you provided. Using an FTP client I am asked for a logon and in my browser (Firefox) it never connects.
Click to expand...
Click to collapse
Well....progress, or at least I think so. This may be an easier method.
Go to http://www.bouncycastle.org/archive/ and download bcprov-jdk15on-146.jar
Go to https://sourceforge.net/projects/portecle/ and download potecle (an executable jar)
Unzip portecle. Rename the bcprov-jdk15on-146.jar to simply bcprov.jar and copy that into the unzipped portecle folder (overwrite the newer version already present).
To run portecle, just double-click on portecle.jar. You will get a statement about the 146 file being out of date, resulting in not everything working, but enough works for our purposes.
Copy cacerts.bks from your NST (system/etc/security) to your PC, open portecle and import your cacerts file (password is "changeit"). You now have a nice graphical interface for perusing and updating your certificates! If you have a *.cer certificate to update, rename the "cer" to "crt" and use the import function. It's really that simple. I tried it, copied the file back onto my NST, fixed the permissions and.......{drumroll}.......no bootloop I'm running jdk 1.8.x
That's the good news. The bad news is that I did not succeed in updating the entrust certificate. I added three from their website and while they did not break cacerts, they did not restore functionality to NewsRepublic, which is what I was hoping to do
So....this may work. It's certainly easy, but clearly you need to have the correct updated certificate to get the desired result. Duh.
Edit: OK, it's ALL bad news
Don't do any of this. It seems to go OK but yesterday I found I could not successfully open the NPR app. I thought, "well, another one bites the dust", but I was curious so I used SearchMarket to see if the app was still listed for the NST. It was. So maybe it got corrupted somehow? Anyway, I uninstalled it and was going to reinstall from the Market but suddenly I got messages about the download failing. Oh no, not another function going south?!
Well, it's all fine, but the problem was the cacerts.bks file that I had made using the method above. Although there is no bootloop on restart, there is bad ju-ju nonetheless. Restoring my backup of cacerts.bks fixed NPR and SearchMarket. So....don't go there (and the two people who thanked me, feel free to unthank me )

AppcertDLLs do not work in GUI apps

Hi, I was trying to automatically inject a dll to every process (including GUI) whenever it is started by a user . My DLL hooks DoDragDrop method of winapi and communicates with server to decide allow or disallow the drag & drop process. I use easyhook (particularly [this] for hooking part. I created a gist for my code : [Gist]
In [this ]url it says: Doesn’t work reliably against GUI applications. Stick to console apps. No wonder it didn't work in microsoft edge, and chrome.
I also tried code parts in these urls:
[first]
[second]
Finally , I already [certificated ]my dll.
Is there any other way apart from appcertdlls? Thank you in advance.
Edit: I can't use appinitdlls, some users might have secure boot enabled.
Edit2: Seems like dlls in some tutorials is under system32 ([this], and [this]) , and I moved mine under system32 too, but it did
work.

Categories

Resources