Related
Guys,
Are any of you experiencing difficulties getting into AndroidForums?
I'm finding it's been down for quite some time this morning.
Beards said:
Guys,
Are any of you experiencing difficulties getting into AndroidForums?
I'm finding it's been down for quite some time this morning.
Click to expand...
Click to collapse
Yep, me too. Can't get onto phandroid either (think it's the same site)
Looks like their DNS is hosed. Who knows what else.
Its up now; but seems to be very slow.
still down for me
Still no luck here either.
Strange thing just happened though when I clicked on a save URL to the site...It prompted me for a user name and password immediately.
Very weird!!
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, [email protected] and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.
That is the result of attempting to get into the site at 11:30 am Central time.
It appears they have been compromised, big time, because the generic address is yielding the "/" (root) folder, which is protected.
- Frisco
Ocsirf said:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, [email protected] and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.
That is the result of attempting to get into the site at 11:30 am Central time.
It appears they have been compromised, big time, because the generic address is yielding the "/" (root) folder, which is protected.
- Frisco
Click to expand...
Click to collapse
Great and I entered my user name and password like a moron!!
I'm glad to see this thread. I got locked out since about 8:30 MST last night and saw that enter username/password thing. Scared me so I x'd out of the tab but still can't get into their forum today. Sucks that they were hacked. Why do people do that?
It's up again now.
bidboy said:
It's up again now.
Click to expand...
Click to collapse
Not quite.....
On the site you will see this message:-
Site undergoing maintenance... we should be back shortly!
Thanks for your patience!
Beards said:
Not quite.....
On the site you will see this message:-
Site undergoing maintenance... we should be back shortly!
Thanks for your patience!
Click to expand...
Click to collapse
Yes, they are still having problems. Was working fine earlier but just tried again & get the following message :-
Fatal error: Cannot redeclare getHostName() in /home/arrowbe/public_html/neverstill/openx/www/delivery/afr.php on line 207
Hopefully will be sorted soon.
The site's back up and running.
I've got NST rooted with Nook Manager and I had installed NTGAppsAttack. My problem is that wherever I go with https I get security certificate error and text: "The name of the site does not match the name on the certificate". I know that I can get this kind of error if I would have wrong date but I have correct date.
The problem involves any website accessed via https.
I don't know if I had this problem from beign or it started after rooting. I have backup but I will have access to it in a week or so and maybe there's a simple solution to my problem.
I've removed GAPPS and changed browser from stock to Opera Mini and don't get those errors.
dflt said:
I've got NST rooted with Nook Manager and I had installed NTGAppsAttack. My problem is that wherever I go with https I get security certificate error and text: "The name of the site does not match the name on the certificate". I know that I can get this kind of error if I would have wrong date but I have correct date.
Click to expand...
Click to collapse
I have the same problem (and a problem with the Market). Did you find the problem, or a way to fix it?
The stock browser has problems with wildcard certificates (e.g. *.example.com instead of www.example.com). Use another browser as dflt discovered.
So after reading about all the App Store hacks that have developed around Fiddler2, I decided to give it a go myself. After setting up the proxy, I noticed that most SSL-based transactions were failing to connect on my device (Windows Updates, Email, etc).
I exported the SSL cert that fiddler 2 installed on my development PC, emailed it to myself, and installed it on my Windows Phone device. LO and Behold, Most of my SSL issues went away! (App store still woudn't auth). More Interestingly, Windows Updates started checking for updates successfully. These transactions are done with SOAP calls.
The basic process is as follows:
1. Phone initiates a connection to the windows update server
2. a series of cab files are downloaded containing certificate and base URL info of the update server
3. the phone connects to the update server with a list of all updates it has installed as well as a unique device identifier.
4. the server responds with a list of updates that it wants the phone to evaluate.
5. If the phone decides it needs the update, it sends a request to the server for instructions to deter
6. the server responds with a specially crafted packet that contains a link to where the microsoft cab can be downloaded from as well as a checksum of the cab file and evaluation instructions to determine if the update is needed. (checking registry keys, etc the SOAP commands contain things like RegRead32)
7. the phone then downloads and installs the update, if needed.
Fiddling around with fiddler, I was able to remove the "filter" GUID from the phones request to the server. As a result, it evaluated and installed any update it could get its hands on. The Hardware Test app still shows that my last update was 5/1/2013, but the number of updated packages included in that update jumped from 83 to 200!
I have some more experiments I would like to try (such as trying to blindly write a reg key instead of just reading it...anyone know of a good one?). I am also wondering if I can somehow package a Microsoft cab file, and tell the update mechanism to download and install it. Depending on how it evaluates the cabs, I might be able to get away with signing the cab with the private key from the Fiddler certificate I installed.
Just thought I'd pass along
Very, very nice finds! I had noticed the cert pinning used on the store and on dev-unlocking, but apparently had failed to look into the update process.
Give me a little while and I'll find you the reg key used for dev-unlock. I can't guarantee you that I'll be able to give you the exact value you need - they seem to have changed the format since WP7, and I'll be working blind from templates and policy files here - but it's worth a shot. Mind you, I wouldn't be surprised if the whole process is read-only, or if the responses from Microsoft are signed (although you could try re-signing them, I guess). For what it's worth, creating an entire update from scratch (or even editing one) is unlikely to work; Windows has required a Microsoft signature (not just any trusted signature) on update files for many years now. It's certainly possible that they messed that up, though.
I also kind of want to see if some of the recent ZIP signature validation bypass exploits from Android (where you could create a ZIP file containing multiple files that have the same name, and the original would be used for the signature but the *last* copy of each file would be the one actually unpacked) might be made to work as well. I've got some ideas about that... not sure if it would work for the update format, though.
Please keep researching this!
Not that i seriously looked into that, but you may probably consider these entries as interesting
Code:
[HKEY_LOCAL_MACHINE\Software\Microsoft\DeviceReg\Install]
"MaxUnsignedApp"=DWORD:A
[HKEY_LOCAL_MACHINE\Software\Microsoft\PackageManager]
"EnableAppLicenseCheck"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\PackageManager]
"EnableAppSignatureCheck"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\PackageManager]
"EnableAppProvisioning"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\.NETCompactFramework\Managed Debugger]
"Enabled"=dword:0
"AttachEnabled"=dword:1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Silverlight\Debugger]
"WaitForAttach"=dword:1
Some of those might get obsolete already, though.
Though, the most interesting thing one can do with registry is enabling KD.
For what it's worth, creating an entire update from scratch (or even editing one) is unlikely to work; Windows has required a Microsoft signature (not just any trusted signature) on update files for many years now.
Click to expand...
Click to collapse
Yeah
I've never really looked at the fact: which certificate is used by actual cabs? look at *.cat file
GoodDayToDie said:
Very, very nice finds! I had noticed the cert pinning used on the store and on dev-unlocking, but apparently had failed to look into the update process.
Give me a little while and I'll find you the reg key used for dev-unlock. I can't guarantee you that I'll be able to give you the exact value you need - they seem to have changed the format since WP7, and I'll be working blind from templates and policy files here - but it's worth a shot. Mind you, I wouldn't be surprised if the whole process is read-only, or if the responses from Microsoft are signed (although you could try re-signing them, I guess). For what it's worth, creating an entire update from scratch (or even editing one) is unlikely to work; Windows has required a Microsoft signature (not just any trusted signature) on update files for many years now. It's certainly possible that they messed that up, though.
I also kind of want to see if some of the recent ZIP signature validation bypass exploits from Android (where you could create a ZIP file containing multiple files that have the same name, and the original would be used for the signature but the *last* copy of each file would be the one actually unpacked) might be made to work as well. I've got some ideas about that... not sure if it would work for the update format, though.
Please keep researching this!
Click to expand...
Click to collapse
Will do! Here is where it gets interesting...The attached screenshots are of a SOAP request from my phone to the update server (I disabled filtering, so the GUID isn't present) and then it's response for "missing" updates to evaluate.
the section labeled "xml" contains the instructions on how to evaluate if the update is needed.
here is a cleaned up, friendly dump of what is in the "XML" section it needs to parse to determine if an update is applicable:
Code:
<UpdateIdentity UpdateID="f092f820-8161-410b-ab11-c7a6d36b7837" RevisionNumber="101" />
<Properties UpdateType="Software" />
<Relationships>
<Prerequisites>
<UpdateIdentity UpdateID="eb644fbf-5e6e-4719-b97c-485ffb9e867f" />
<AtLeastOne>
<UpdateIdentity UpdateID="450b8808-d056-4c18-a383-2db11e463eb0" />
</AtLeastOne>
</Prerequisites>
</Relationships>
<ApplicabilityRules>
<IsInstalled>
<CspQuery LocUri="./DevDetail/SwV" Comparison="GreaterThanOrEqualTo" Value="9.0.0.0" xmlns="http://schemas.microsoft.com/msus/2002/12/MobileApplicabilityRules" />
</IsInstalled>
<IsSuperseded />
<IsInstallable>
<And xmlns="http://schemas.microsoft.com/msus/2002/12/LogicalApplicabilityRules">
<CspQuery LocUri="./DevDetail/SwV" Comparison="LessThan" Value="9.0.0.0" xmlns="http://schemas.microsoft.com/msus/2002/12/MobileApplicabilityRules" />
<b.RegSz Key="HKEY_LOCAL_MACHINE" Subkey="Software\Microsoft\Windows\CurrentVersion\DeviceUpdate\Agent\Protocol" Value="TestTarget" Comparison="EqualTo" Data="72c5dc6d-00a9-412f-9d13-f4f483f2ed7f" xmlns="http://schemas.microsoft.com/msus/2002/12/BaseApplicabilityRules" />
</And>
</IsInstallable>
</ApplicabilityRules>
an interesting URL with info from someone else that was looking into this for Win7...
http://withinwindows.com/2011/03/06/notes-on-windows-phone-7-update-process-thus-far/
I wonder if we can figure out what "updates" are actually required if we can trick the server into giving us more OOB updates/othercarrier updates/updates we aren't "supposed" to have..
Found some info on the "Evaluate" action:
Action: The action that clients in the specified target group will perform on this revision: Install, Uninstall, PreDeploymentCheck (which means that clients will not offer the update, just report back on the status), Block (which means that the update will not be deployed, and is used to override another deployment), Evaluate (which means that clients will not offer the update and will not report back on the status), or Bundle (which means that clients will not offer the update for install; it is only deployed because it is bundled by some other explicitly deployed update).
Click to expand...
Click to collapse
source:
http://msdn.microsoft.com/en-us/library/cc251980.aspx
I was also messing with fiddler and I noticed my phone access two different places when a phone update is selected. One of the pages is: http://ds.download.windowsupdate.com/wp8/MicrosoftUpdate/Redir/duredir.cab . In that cab is this file wuredir.xml and consists of:
<?xml version="1.0"?>
<WuRedir xmlns="http://schemas.microsoft.com/msus/2002/12/wuredir" redirectorId="1002">
<Protocol
elementVersion="1"
clientServerUrl="https://fe1.update.microsoft.com/v6/"
reportingServerUrl="http://statsfe1.update.microsoft.com/" />
</WuRedir>
the second page accessed is: http://fe1.update.microsoft.com/WP8/MicrosoftUpdate/Selfupdate/5_UssDetection.dll
I hexed the .dll after download and found some download links to some cert files, which are:
Microsoft Windows Phone Production PCA 2012.crt
http://www.microsoft.com/pkiops/certs/Microsoft Windows Phone Production PCA 2012.crt
MicRooCerAut_2010-06-23.crt
http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
MicTimStaPCA_2010-07-01.crt
http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt
can any of this info help us?
If either that DLL or any of those certificates are not signed (highly unlikely, but worth checking), or if the DLL doesn't enforce the signature check (extremely unlikely), or if any of the certs include the private key or use a weak hash algorithm or a short key... maybe. I checked the certs, though; they at least are clean. Nothing useful that I saw.
Reverse engineering the DLL may be useful, but it's probably native code and therefore a pain to decompile.
aclegg2011 said:
I was also messing with fiddler and I noticed my phone access two different places when a phone update is selected. One of the pages is: http://ds.download.windowsupdate.com/wp8/MicrosoftUpdate/Redir/duredir.cab . In that cab is this file wuredir.xml and consists of:
<?xml version="1.0"?>
<WuRedir xmlns="http://schemas.microsoft.com/msus/2002/12/wuredir" redirectorId="1002">
<Protocol
elementVersion="1"
clientServerUrl="https://fe1.update.microsoft.com/v6/"
reportingServerUrl="http://statsfe1.update.microsoft.com/" />
</WuRedir>
the second page accessed is: http://fe1.update.microsoft.com/WP8/MicrosoftUpdate/Selfupdate/5_UssDetection.dll
I hexed the .dll after download and found some download links to some cert files, which are:
Microsoft Windows Phone Production PCA 2012.crt
http://www.microsoft.com/pkiops/certs/Microsoft Windows Phone Production PCA 2012.crt
MicRooCerAut_2010-06-23.crt
http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
MicTimStaPCA_2010-07-01.crt
http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt
can any of this info help us?
Click to expand...
Click to collapse
Those are the first steps in the update process. Basically, it gets the certs that it will use for validation and server communication. then the CAB file contains the info on what servers are used for Windows Update communications. It then logs that a request has been made to the tracking server. After that, it gets a list of updates from the v6 address. If there are no updates, Once the update process is complete, it logs the result to the tracking server.
Do you guys think I could use this to fix the problems I seem to have when trying to stream or download music from Xbox Music? I get a lot of errors, or this song can't be played on your device and some times the app crashes. I have had this problem since I switch from my Windows Phone 7 device to my Nokia Lumia 920, and I am on my 4th 920. I think for some reason the Music store is getting botched certificates or something.
Kind of on the same subject. anyways i extracted around 140 Certificated from a HTC 8x Ruu. then installed them to my pc. Which is windows 7. The cool part was i was able to install windows phone sdk 8 and 8.1 with emulators and visual studio 2013. which i though all of these were not possible to run on windows 7. all because of certificates from a rom.
As identified in this post http://forum.xda-developers.com/showpost.php?p=65344931&postcount=10 lots of apps and websites have stopped working over the past year or so (depending maybe on your ROM). This has been traced to the root certificates (used to trust websites and set up secure ssl connctions) becoming out of date. Modern devices also have many more root certificates installed by default.
Note that this doesn't fix the google market on the nook touch, nor the kindle book store. It does fix the kindle app for syncing books purchased elsewhere.
I'll port the instructions over into this post later (see the link above for now). It requires root (so is slightly risky).
If you identify any more failing sites, please provide an https link which fails to open on the nook (but does work on a PC) and I'll add the root authority to my files. Anyone working on ROMs is welcome to redistribute my cacerts.bks
<reserved>
Aargh!
tshoulihane said:
As identified in this post http://forum.xda-developers.com/showpost.php?p=65344931&postcount=10 lots of apps and websites have stopped working over the past year or so (depending maybe on your ROM). This has been traced to the root certificates (used to trust websites and set up secure ssl connctions) becoming out of date. Modern devices also have many more root certificates installed by default.
Note that this doesn't fix the google market on the nook touch, nor the kindle book store. It does fix the kindle app for syncing books purchased elsewhere.
I'll port the instructions over into this post later (see the link above for now). It requires root (so is slightly risky).
If you identify any more failing sites, please provide an https link which fails to open on the nook (but does work on a PC) and I'll add the root authority to my files. Anyone working on ROMs is welcome to redistribute my cacerts.bks
Click to expand...
Click to collapse
I've been using your updated cacerts.bks file and it is great. In January another certificate expired and I'm fairly confident it's the reason a news app (News Republic) started throwing up security certificate errors and refused to connect with the server. I think I need to be able to do the certificate updates, but I am trying to avoid going down the SDK road (a massive download I will never use for anything else) and all those complexities.
Except, nothing else seems to work. There is an ancient thread in which people discuss various ways to update pre-ICS cacerts. Unfortunately, none of them work--I've tried them all. The browser idea seems promising and Opera Mobile responds as described, but then nothing happens to the cacerts.bks file.
Portecle looks really promising (images below). It can obviously open and inspect the cacerts.bks file (password: changeit). It shows the additions you made and also indicates the expired certificate.
So I went searching for a replacement and found something that seems like the right thing (attached as a zip). It imported easily into Portecle and then appeared along with the new ones you added.
Then I returned the file to the NST and made the permissions the same as the old file. A reboot put me in a loop out of which I just barely managed to recover by inserting my NookManager card at just the right moment.
So I don't get it. The bouncycastle files recommended in the CAcerts wiki for this task are too old to be available. Surprise.
I'm tempted to NOT fix the permissions on the cacerts.bks file when I return it to the NST because I once had a similar problem with a settings.db file and it turned out that restoring the "correct" permissions resulted in a bootloop while leaving them as they were when the file was copied back made it all work just fine. But I'm too timid to try that just now.
Any insights?
From my linked thread,
Download http://www.bouncycastle.org/download...dk15on-146.jar - this is used locally on your PC to manipulate the certificates and needs to be version 146 or 147 to work with android (or old android at least)
Click to expand...
Click to collapse
It seems that when I used a different version, I got a bootloop. Although the link I referenced seems to have died, the filename still turns up plenty of hits. http://polydistortion.net/bc/download/ for example (version 1.47).
I agree its a lot of pain, and I'm not sure I still have the toolchain download that I used for this work. I'll have a dig around...
tshoulihane said:
From my linked thread,
It seems that when I used a different version, I got a bootloop. Although the link I referenced seems to have died, the filename still turns up plenty of hits. http://polydistortion.net/bc/download/ for example (version 1.47).
I agree its a lot of pain, and I'm not sure I still have the toolchain download that I used for this work. I'll have a dig around...
Click to expand...
Click to collapse
Yipes. Well, I downloaded the jar file (many thanks...I did search on the file name and came up empty) and followed your example on the other thread. Everything behaved as it should. Except for the boot loop....... This time it was even harder to get out of it.
Two possibilities come to mind. My JDK is 1.8.0_73. Maybe that's too new to work properly. The other is that the certificate, despite playing nicely as far as console feedback went, is of the wrong format, although this does not show up in the feedback or in Portecle.
Anyway, I'm sufficiently intimidated now that I'm not going back there unless I have a better way of getting out of boot loops (since I'm doing ADB over Wi-Fi).
Edit: temptation... So I went back to the CAcerts Wiki and noticed they suggest Java 6. Now, of course, the Wiki is old, but so is the Java underlying the NST, so I found an install of Java 6 and put it on the laptop we have attached to the TV (which runs Kodi and very little else). Then I repeated the entire procedure with--supposedly--all the right components. Same dreaded bootloop. So either the certificate I have has an incompatible format, or I am just hopeless at this. Maybe both
all of the old bouncy castle api releases are archived on their ftp server under ftp://ftp.bouncycastle.org/pub. i managed to find the .jar files referenced in the other thread on there and updated my cacerts.bks using the cacerts wiki instructions a few days ago. hope it helps you. using the newer release gave me a bootloop as well, but once i grabbed the older version from their ftp all was good!
shadylady said:
all of the old bouncy castle api releases are archived on their ftp server under ftp://ftp.bouncycastle.org/pub. i managed to find the .jar files referenced in the other thread on there and updated my cacerts.bks using the cacerts wiki instructions a few days ago. hope it helps you. using the newer release gave me a bootloop as well, but once i grabbed the older version from their ftp all was good!
Click to expand...
Click to collapse
Which java version were you running?
Edit: Hmm....I'm not having any luck with the link you provided. Using an FTP client I am asked for a logon and in my browser (Firefox) it never connects.
Here we go: http://www.bouncycastle.org/archive/
Remains to be seen if that will do the trick for me...
the bootloop version was whatever bouncycastle.org has as their latest release.
the one i downloaded from the ftp that didn't bootloop was this one: bcprov-jdk16-146.jar
you'll need to ftp in and use the password "anonymous" and some bogus email to get onto the ftp. from that web version of the archive it should be this package: http://www.bouncycastle.org/archive/146/bcprov-jdk16-146.tar.gz
i'm running mac, so my default java was 1.6. i updated to 1.8 but that happened after i got this all up and running already. this was the version that was default:
$ /Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Commands/java -version
java version "1.6.0_65"
Java(TM) SE Runtime Environment (build 1.6.0_65-b14-468-11M4833)
Java HotSpot(TM) 64-Bit Server VM (build 20.65-b04-468, mixed mode)
so jdk 1.6 + API 146 (or 147?) seems to be the proper mix.
at first i thought it wasn't working, because although i updated the cacerts.bks, the amazon kindle app kept saying "incorrect email/password". took me a while before i read the entire thread and realized that amazon now does two-step authentication so i had to enter the one time passcode they had sent to my email.
nmyshkin said:
Which java version were you running?
Edit: Hmm....I'm not having any luck with the link you provided. Using an FTP client I am asked for a logon and in my browser (Firefox) it never connects.
Click to expand...
Click to collapse
Well....progress, or at least I think so. This may be an easier method.
Go to http://www.bouncycastle.org/archive/ and download bcprov-jdk15on-146.jar
Go to https://sourceforge.net/projects/portecle/ and download potecle (an executable jar)
Unzip portecle. Rename the bcprov-jdk15on-146.jar to simply bcprov.jar and copy that into the unzipped portecle folder (overwrite the newer version already present).
To run portecle, just double-click on portecle.jar. You will get a statement about the 146 file being out of date, resulting in not everything working, but enough works for our purposes.
Copy cacerts.bks from your NST (system/etc/security) to your PC, open portecle and import your cacerts file (password is "changeit"). You now have a nice graphical interface for perusing and updating your certificates! If you have a *.cer certificate to update, rename the "cer" to "crt" and use the import function. It's really that simple. I tried it, copied the file back onto my NST, fixed the permissions and.......{drumroll}.......no bootloop I'm running jdk 1.8.x
That's the good news. The bad news is that I did not succeed in updating the entrust certificate. I added three from their website and while they did not break cacerts, they did not restore functionality to NewsRepublic, which is what I was hoping to do
So....this may work. It's certainly easy, but clearly you need to have the correct updated certificate to get the desired result. Duh.
Edit: OK, it's ALL bad news
Don't do any of this. It seems to go OK but yesterday I found I could not successfully open the NPR app. I thought, "well, another one bites the dust", but I was curious so I used SearchMarket to see if the app was still listed for the NST. It was. So maybe it got corrupted somehow? Anyway, I uninstalled it and was going to reinstall from the Market but suddenly I got messages about the download failing. Oh no, not another function going south?!
Well, it's all fine, but the problem was the cacerts.bks file that I had made using the method above. Although there is no bootloop on restart, there is bad ju-ju nonetheless. Restoring my backup of cacerts.bks fixed NPR and SearchMarket. So....don't go there (and the two people who thanked me, feel free to unthank me )
cacerts.bks file updated 12-6-20
On May 30, 2020 another certificate in our ancient cacerts.bks file expired. This was one of the certificates used by FBReader to sync with a Google Drive directory of your designation (see books.fbreader.org). I'm assuming at this point that it was the critical certificate in the link because not long ago it was possible to work around login issues as described in my earlier post here: https://forum.xda-developers.com/nook-touch/general/setting-sync-fbreader-t3957311
I was contacted by another XDA member about this issue and noticed in a logcat that the certificate had expired. I have never had any luck updating certificates, despite the description of the process by XDA member @tshoulihane. It took many a year for the basics to penetrate my thick skull and I finally decided to look at it again. I will prepare a post on this topic in a bit so the information won't die with me
Meanwhile, I have updated both certificates in a cacerts file I extracted from a Honeycomb ROM and have been using on all my NST devices. It also includes the updated Amazon certificate so the Kindle app still functions. It contains many more certificates than the file that came with the NST (some expired). At least now I see a way forward.
To update your file, download the zip below and extract the cacerts.bks file. Transfer to the SD card of your NST and then use a file manager with root privelages to copy it into /system/etc/security, overwriting the file that is already there. If you feel queasy about this, first rename the old cacerts.bks file to cacerts.bak, then move the new one in place. File permissions should be rw-r-r
Reboot.
No need for the workaround I wrote about in the earlier post now. I tried this with both Opera Mobile and Opera Mini, signed in on both browsers before starting. Opera Mini failed. Opera Mobile, with the appropriate settings for TLS 1.2 etc. as I have described in another post, balked a little but succeeded. And once you are signed in, you never need to go back to the browser (I think).
Here's what may happen:
1. You may sail through the sign-in process from FBReader (Network Library>FBReader book network) and see your file information appear. Done.
2. More likely than not you will get an "unable to establish a secure connection" or similar. This is a sadly common occurrence in Opera Mobile these days and has been roundly trounced on old Opera discussion boards. There appears to be no fix for it except to access the "Settings" window (from the "O" button). Then go to "Privacy" and then "Clear cache". Now back out of the Settings windows (Back button) and finally hit the "refresh" icon. Voila. This is a general "fix" for pages which don't want to load properly even though you have a valid certificate. I've tried running a script to delete the Opera cache before opening Opera but to no avail. Sometimes you are lucky (especially if you have not encountered any errors in a session before exiting), sometimes you are not. Like I say, once you get past this with FBReader, you should not need to go through it again. Just remember, you want to be signed in with your email, etc. on the Google homepage (the same account for your Google drive you set up with FBReader) before you go through all this.
I tested this with FW 1.2.2, but not 1.2.1
Hello!
Thanks a lot for this information, I was struggling with exactly this yesterday and came here to post this issue, but you already have a solution.
I installed Opera Mini v7.6.4 but couldn't connect to FBReader, so I tried to use the default browser and voilà. Now it's working again.
Thanks again, I really thought it was impossible to fix lol.
I haven't checked if kindle app is working, but it surely does.
Thank you!
How does one install or enable a file manager with root access? I've been googling for hours now and it's such a broad topic that I just can't for the life of me figure it out
xrupa said:
How does one install or enable a file manager with root access? I've been googling for hours now and it's such a broad topic that I just can't for the life of me figure it out
Click to expand...
Click to collapse
If your device is rooted, then you just need a "good" file manager. The version of ES File Explorer I use has an option for enabling root access. Attached.
Ah, that's the release version I have installed, I'll try and find the option, couldn't spot it earlier but that gives me hope
many thanks
Cheers, that's got me on a step or two, I think I just need to disable two step verification next as opera or the standard browser is repeatedly doing the 'failed connection' thing you mention at that stage, lightly infuriating, but at least I'm getting closer to getting my fbreader library back, many thanks!
xrupa said:
Cheers, that's got me on a step or two, I think I just need to disable two step verification next as opera or the standard browser is repeatedly doing the 'failed connection' thing you mention at that stage, lightly infuriating, but at least I'm getting closer to getting my fbreader library back, many thanks!
Click to expand...
Click to collapse
The stock browser is useless. For Opera Mobile don't neglect to make the TLS 1.2 change and, of course, update cacerts.bks
Ah great thanks, I've found that TLS thread, I'll do that and hopefully that'll be it!
nice one @nmyshkin
OMG It's done, im back into the network library on my ancient nook!
thanks so much, months of trying allsorts, nice one, thank you!