Related
Hi,
I've found this today:
http://klaig.blogspot.com/2011/05/running-gentoo-linux-as-chroot-on.html
Happy emerging!!! ;-)
htop
emerged htop and love to have tap-comp...
He also makes a how-to for cross-compiling... ;-)
http://klaig.blogspot.com/2011/05/speedup-compilation-with-distcc-cross.html
yay!
I basically did what he did except I created a file and used that as a disk to avoid needing to dedicated an entire card to it and placed it on the internal storage.
When I try and emerge something, screen for example, it doesn't like the local file:
('Filesize does not match recorded size', 352L, 840602)
and of course it fails when it tries to fetch. While it would be nice to fix the checksum errors, it would be even nicer to allow it to actually be able to open up sockets. Is there any way to enable this functionality?
Anyone installed X yet?
Tip for emerge latest binutils:
add the file /etc/portage/package.accept_keywords with the following
Code:
sys-devel/binutils ~arm
padanfain said:
yay!
I basically did what he did except I created a file and used that as a disk to avoid needing to dedicated an entire card to it and placed it on the internal storage.
When I try and emerge something, screen for example, it doesn't like the local file:
('Filesize does not match recorded size', 352L, 840602)
and of course it fails when it tries to fetch. While it would be nice to fix the checksum errors, it would be even nicer to allow it to actually be able to open up sockets. Is there any way to enable this functionality?
Anyone installed X yet?
Click to expand...
Click to collapse
Do you have set the FEATURES="-userfetch" in your make.conf?
Do you have tried it with a real sd?
x and vnc-server is working. Now I am on enlightenment(http://enligthenment.org/)...
Moved to general, as the guide is not hosted on XDA. Thanks for sharing, though!
So after reading about all the App Store hacks that have developed around Fiddler2, I decided to give it a go myself. After setting up the proxy, I noticed that most SSL-based transactions were failing to connect on my device (Windows Updates, Email, etc).
I exported the SSL cert that fiddler 2 installed on my development PC, emailed it to myself, and installed it on my Windows Phone device. LO and Behold, Most of my SSL issues went away! (App store still woudn't auth). More Interestingly, Windows Updates started checking for updates successfully. These transactions are done with SOAP calls.
The basic process is as follows:
1. Phone initiates a connection to the windows update server
2. a series of cab files are downloaded containing certificate and base URL info of the update server
3. the phone connects to the update server with a list of all updates it has installed as well as a unique device identifier.
4. the server responds with a list of updates that it wants the phone to evaluate.
5. If the phone decides it needs the update, it sends a request to the server for instructions to deter
6. the server responds with a specially crafted packet that contains a link to where the microsoft cab can be downloaded from as well as a checksum of the cab file and evaluation instructions to determine if the update is needed. (checking registry keys, etc the SOAP commands contain things like RegRead32)
7. the phone then downloads and installs the update, if needed.
Fiddling around with fiddler, I was able to remove the "filter" GUID from the phones request to the server. As a result, it evaluated and installed any update it could get its hands on. The Hardware Test app still shows that my last update was 5/1/2013, but the number of updated packages included in that update jumped from 83 to 200!
I have some more experiments I would like to try (such as trying to blindly write a reg key instead of just reading it...anyone know of a good one?). I am also wondering if I can somehow package a Microsoft cab file, and tell the update mechanism to download and install it. Depending on how it evaluates the cabs, I might be able to get away with signing the cab with the private key from the Fiddler certificate I installed.
Just thought I'd pass along
Very, very nice finds! I had noticed the cert pinning used on the store and on dev-unlocking, but apparently had failed to look into the update process.
Give me a little while and I'll find you the reg key used for dev-unlock. I can't guarantee you that I'll be able to give you the exact value you need - they seem to have changed the format since WP7, and I'll be working blind from templates and policy files here - but it's worth a shot. Mind you, I wouldn't be surprised if the whole process is read-only, or if the responses from Microsoft are signed (although you could try re-signing them, I guess). For what it's worth, creating an entire update from scratch (or even editing one) is unlikely to work; Windows has required a Microsoft signature (not just any trusted signature) on update files for many years now. It's certainly possible that they messed that up, though.
I also kind of want to see if some of the recent ZIP signature validation bypass exploits from Android (where you could create a ZIP file containing multiple files that have the same name, and the original would be used for the signature but the *last* copy of each file would be the one actually unpacked) might be made to work as well. I've got some ideas about that... not sure if it would work for the update format, though.
Please keep researching this!
Not that i seriously looked into that, but you may probably consider these entries as interesting
Code:
[HKEY_LOCAL_MACHINE\Software\Microsoft\DeviceReg\Install]
"MaxUnsignedApp"=DWORD:A
[HKEY_LOCAL_MACHINE\Software\Microsoft\PackageManager]
"EnableAppLicenseCheck"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\PackageManager]
"EnableAppSignatureCheck"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\PackageManager]
"EnableAppProvisioning"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\.NETCompactFramework\Managed Debugger]
"Enabled"=dword:0
"AttachEnabled"=dword:1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Silverlight\Debugger]
"WaitForAttach"=dword:1
Some of those might get obsolete already, though.
Though, the most interesting thing one can do with registry is enabling KD.
For what it's worth, creating an entire update from scratch (or even editing one) is unlikely to work; Windows has required a Microsoft signature (not just any trusted signature) on update files for many years now.
Click to expand...
Click to collapse
Yeah
I've never really looked at the fact: which certificate is used by actual cabs? look at *.cat file
GoodDayToDie said:
Very, very nice finds! I had noticed the cert pinning used on the store and on dev-unlocking, but apparently had failed to look into the update process.
Give me a little while and I'll find you the reg key used for dev-unlock. I can't guarantee you that I'll be able to give you the exact value you need - they seem to have changed the format since WP7, and I'll be working blind from templates and policy files here - but it's worth a shot. Mind you, I wouldn't be surprised if the whole process is read-only, or if the responses from Microsoft are signed (although you could try re-signing them, I guess). For what it's worth, creating an entire update from scratch (or even editing one) is unlikely to work; Windows has required a Microsoft signature (not just any trusted signature) on update files for many years now. It's certainly possible that they messed that up, though.
I also kind of want to see if some of the recent ZIP signature validation bypass exploits from Android (where you could create a ZIP file containing multiple files that have the same name, and the original would be used for the signature but the *last* copy of each file would be the one actually unpacked) might be made to work as well. I've got some ideas about that... not sure if it would work for the update format, though.
Please keep researching this!
Click to expand...
Click to collapse
Will do! Here is where it gets interesting...The attached screenshots are of a SOAP request from my phone to the update server (I disabled filtering, so the GUID isn't present) and then it's response for "missing" updates to evaluate.
the section labeled "xml" contains the instructions on how to evaluate if the update is needed.
here is a cleaned up, friendly dump of what is in the "XML" section it needs to parse to determine if an update is applicable:
Code:
<UpdateIdentity UpdateID="f092f820-8161-410b-ab11-c7a6d36b7837" RevisionNumber="101" />
<Properties UpdateType="Software" />
<Relationships>
<Prerequisites>
<UpdateIdentity UpdateID="eb644fbf-5e6e-4719-b97c-485ffb9e867f" />
<AtLeastOne>
<UpdateIdentity UpdateID="450b8808-d056-4c18-a383-2db11e463eb0" />
</AtLeastOne>
</Prerequisites>
</Relationships>
<ApplicabilityRules>
<IsInstalled>
<CspQuery LocUri="./DevDetail/SwV" Comparison="GreaterThanOrEqualTo" Value="9.0.0.0" xmlns="http://schemas.microsoft.com/msus/2002/12/MobileApplicabilityRules" />
</IsInstalled>
<IsSuperseded />
<IsInstallable>
<And xmlns="http://schemas.microsoft.com/msus/2002/12/LogicalApplicabilityRules">
<CspQuery LocUri="./DevDetail/SwV" Comparison="LessThan" Value="9.0.0.0" xmlns="http://schemas.microsoft.com/msus/2002/12/MobileApplicabilityRules" />
<b.RegSz Key="HKEY_LOCAL_MACHINE" Subkey="Software\Microsoft\Windows\CurrentVersion\DeviceUpdate\Agent\Protocol" Value="TestTarget" Comparison="EqualTo" Data="72c5dc6d-00a9-412f-9d13-f4f483f2ed7f" xmlns="http://schemas.microsoft.com/msus/2002/12/BaseApplicabilityRules" />
</And>
</IsInstallable>
</ApplicabilityRules>
an interesting URL with info from someone else that was looking into this for Win7...
http://withinwindows.com/2011/03/06/notes-on-windows-phone-7-update-process-thus-far/
I wonder if we can figure out what "updates" are actually required if we can trick the server into giving us more OOB updates/othercarrier updates/updates we aren't "supposed" to have..
Found some info on the "Evaluate" action:
Action: The action that clients in the specified target group will perform on this revision: Install, Uninstall, PreDeploymentCheck (which means that clients will not offer the update, just report back on the status), Block (which means that the update will not be deployed, and is used to override another deployment), Evaluate (which means that clients will not offer the update and will not report back on the status), or Bundle (which means that clients will not offer the update for install; it is only deployed because it is bundled by some other explicitly deployed update).
Click to expand...
Click to collapse
source:
http://msdn.microsoft.com/en-us/library/cc251980.aspx
I was also messing with fiddler and I noticed my phone access two different places when a phone update is selected. One of the pages is: http://ds.download.windowsupdate.com/wp8/MicrosoftUpdate/Redir/duredir.cab . In that cab is this file wuredir.xml and consists of:
<?xml version="1.0"?>
<WuRedir xmlns="http://schemas.microsoft.com/msus/2002/12/wuredir" redirectorId="1002">
<Protocol
elementVersion="1"
clientServerUrl="https://fe1.update.microsoft.com/v6/"
reportingServerUrl="http://statsfe1.update.microsoft.com/" />
</WuRedir>
the second page accessed is: http://fe1.update.microsoft.com/WP8/MicrosoftUpdate/Selfupdate/5_UssDetection.dll
I hexed the .dll after download and found some download links to some cert files, which are:
Microsoft Windows Phone Production PCA 2012.crt
http://www.microsoft.com/pkiops/certs/Microsoft Windows Phone Production PCA 2012.crt
MicRooCerAut_2010-06-23.crt
http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
MicTimStaPCA_2010-07-01.crt
http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt
can any of this info help us?
If either that DLL or any of those certificates are not signed (highly unlikely, but worth checking), or if the DLL doesn't enforce the signature check (extremely unlikely), or if any of the certs include the private key or use a weak hash algorithm or a short key... maybe. I checked the certs, though; they at least are clean. Nothing useful that I saw.
Reverse engineering the DLL may be useful, but it's probably native code and therefore a pain to decompile.
aclegg2011 said:
I was also messing with fiddler and I noticed my phone access two different places when a phone update is selected. One of the pages is: http://ds.download.windowsupdate.com/wp8/MicrosoftUpdate/Redir/duredir.cab . In that cab is this file wuredir.xml and consists of:
<?xml version="1.0"?>
<WuRedir xmlns="http://schemas.microsoft.com/msus/2002/12/wuredir" redirectorId="1002">
<Protocol
elementVersion="1"
clientServerUrl="https://fe1.update.microsoft.com/v6/"
reportingServerUrl="http://statsfe1.update.microsoft.com/" />
</WuRedir>
the second page accessed is: http://fe1.update.microsoft.com/WP8/MicrosoftUpdate/Selfupdate/5_UssDetection.dll
I hexed the .dll after download and found some download links to some cert files, which are:
Microsoft Windows Phone Production PCA 2012.crt
http://www.microsoft.com/pkiops/certs/Microsoft Windows Phone Production PCA 2012.crt
MicRooCerAut_2010-06-23.crt
http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
MicTimStaPCA_2010-07-01.crt
http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt
can any of this info help us?
Click to expand...
Click to collapse
Those are the first steps in the update process. Basically, it gets the certs that it will use for validation and server communication. then the CAB file contains the info on what servers are used for Windows Update communications. It then logs that a request has been made to the tracking server. After that, it gets a list of updates from the v6 address. If there are no updates, Once the update process is complete, it logs the result to the tracking server.
Do you guys think I could use this to fix the problems I seem to have when trying to stream or download music from Xbox Music? I get a lot of errors, or this song can't be played on your device and some times the app crashes. I have had this problem since I switch from my Windows Phone 7 device to my Nokia Lumia 920, and I am on my 4th 920. I think for some reason the Music store is getting botched certificates or something.
Kind of on the same subject. anyways i extracted around 140 Certificated from a HTC 8x Ruu. then installed them to my pc. Which is windows 7. The cool part was i was able to install windows phone sdk 8 and 8.1 with emulators and visual studio 2013. which i though all of these were not possible to run on windows 7. all because of certificates from a rom.
Since the FireTV is always on it is perfectly suited as a Download centre when combined with an external HDD.
At the moment I'm runnig NZBGet mobile to download media from usenet to my external HDD which is mounted using Stickmount. By installing python for android I managed to get VideoSort to work, which is a script which automatically recognizes the TV-Show/Movie for you and names it accordingly, moves it and cleans up any left-over thrash. Works very well so far.
Combined with some usenet indexing site which build rss feeds (or remote push to NZBGet) for any new episodes/movie releases you can automatically download any new stuff which you might want. Some even import any stuff from your Trakt/IMDB watchlist. As XBMC is running on the same machine it is also easy to let XBMC update the library when any new media is added.
Wonder if anyone else has set up anything like this? I looked into installing transmission through optware on the FireTV but couldn’t install optware as it wouldn’t let me remount. Can install uTorrent and control that from your phone but as far as I saw I couldn’t get it to run a cleanup script after any download is done. Really want it to be all automated so for now I’m only using usenet, which I prefer over torrents anyway.
you have just made my day you have no idea. ive been working on getting a renamer to work on my fire tv i already have a torrent based downloader with a custom rss feed to download but i couldnt for the life of me find one.
as for clean up im not quite sure what you mean but this is my setup
Flud run auto download through rss and updates decently when it downloads when its done it will delete the torrent file and there is an option to move the file when it is done downloading
i have my hdd mounted and all files are moved to the uncatagorized folder but after that i i cant sort them so im gonna try your method but a really good app i found is watchdog it auto updates the xbmc library a lot better then anything else
if theres anything i can help with let me know
thanks again
Also flud will delet old items and if its renamed and moved it should be able to delete the old unnecessary folders
so since videosort requires NZB do you know a way to make it work without it?
P.S. Sorry about my grammar its my worst subject and I was more excited to post then check haha
Dragracekid said:
you have just made my day you have no idea. ive been working on getting a renamer to work on my fire tv i already have a torrent based downloader with a custom rss feed to download but i couldnt for the life of me find one.
as for clean up im not quite sure what you mean but this is my setup
Flud run auto download through rss and updates decently when it downloads when its done it will delete the torrent file and there is an option to move the file when it is done downloading
i have my hdd mounted and all files are moved to the uncatagorized folder but after that i i cant sort them so im gonna try your method but a really good app i found is watchdog it auto updates the xbmc library a lot better then anything else
if theres anything i can help with let me know
thanks again
Also flud will delet old items and if its renamed and moved it should be able to delete the old unnecessary folders
so since videosort requires NZB do you know a way to make it work without it?
P.S. Sorry about my grammar its my worst subject and I was more excited to post then check haha
Click to expand...
Click to collapse
The VideoSort script can be modified to work with torrents as well. It uses some variables passed by NZBGet (Download Directory, NZB-name, etc) to process the download. If there is any torrent client for android which allows you to call a script after a download is done and has some way to pass the download location it should work. I don't know of any torrent client on android that does this though. uTorrent, transmission and more allow for this in their Windows clients.
What I did before I got python working was I shared my external HDD with my Windows network using Samba Filesharing. Then I just had a simple batch file setup which would sort the media by using Filebot.
So there isn't an equivalent sabnzbd suite (sickbeard, couchpotato) for the Android fork like you have on openelec?
Sent from my D6503 using Tapatalk
What if we use tasker to trigger an event when a file or folder gets moved to the UnCategorised folder? The event being a Python script that I found called turbo sort it works great.
Also one more thing I would love to get flexget working to scrape rss feeds have you looked into this at all?
I've made a lot of progress on this and the last day I'm somewhat close to making a thread that explains how to make an automated system but I've got to make sure everything works flawlessly first.
Bad grammar this time is due to voice keyboard lol
nzbget version?
I've been messing with nzbget on gbox and fire for some time now. Now gbox has openelec sabnzbdsuite is perfect. Before that was using nzbget and it worked well, however latest version with extraction would start loading on ftv but just hang. I did manage to get old version to run fine but no auto extract. Which version you using? Did you manage to add unrar pp script?
nadimsoze said:
So there isn't an equivalent sabnzbd suite (sickbeard, couchpotato) for the Android fork like you have on openelec?
Sent from my D6503 using Tapatalk
Click to expand...
Click to collapse
Not that I know off. Think there is a Sickbeard version for android though. I tried to install SABnzbd through optware on my tablet but couldn't get it to work well with python. You should try NZBGet, works well. Also is less resource intensive. If you combine NZBGet with indexer to automatically add stuff and use the NZBGet post processing scripts to order the media you will basically have sabnzbd/sickbeard/couch into 1 app by just running NZBGet combined with an indexer (I use DogNZB).
Dragracekid said:
What if we use tasker to trigger an event when a file or folder gets moved to the UnCategorised folder? The event being a Python script that I found called turbo sort it works great.
Also one more thing I would love to get flexget working to scrape rss feeds have you looked into this at all?
I've made a lot of progress on this and the last day I'm somewhat close to making a thread that explains how to make an automated system but I've got to make sure everything works flawlessly first.
Bad grammar this time is due to voice keyboard lol
Click to expand...
Click to collapse
The script I use, VideoSort, is a evolved version of the Turbo script. Good idea on Tasker to watch for the folder. Think that should work. You can try it yourself, install Python for Android and use it to run the script.
xokol2lvox said:
I've been messing with nzbget on gbox and fire for some time now. Now gbox has openelec sabnzbdsuite is perfect. Before that was using nzbget and it worked well, however latest version with extraction would start loading on ftv but just hang. I did manage to get old version to run fine but no auto extract. Which version you using? Did you manage to add unrar pp script?
Click to expand...
Click to collapse
The NZBGet version I have already has parcheck and unrarring build in. Only need to add post processing scripts if you want to do more. Atm I have 3 running, 1 to rename a specific format and place them in my tvshow/seasons/episodes folder structure. 1 to notify XBMC and 1 to notify me of new downloads on my phone.
Running this version:
https://play.google.com/store/apps/details?id=com.greatlittleapps.nzbm&hl=nl_NL
The NZBGet version I have already has parcheck and unrarring build in. Only need to add post processing scripts if you want to do more. Atm I have 3 running, 1 to rename a specific format and place them in my tvshow/seasons/episodes folder structure. 1 to notify XBMC and 1 to notify me of new downloads on my phone.
Running this version:
https://play.google.com/store/apps/details?id=com.greatlittleapps.nzbm&hl=nl_NL
Click to expand...
Click to collapse
That's odd, that's same version that just hangs of aftv for me. Maybe time to break it out again and start from scratch.
Can't quite get it to work
Hi Nedle,
Thanks for writing this post I've been scratching my head over this for days.
Ive set up sickbeard for android just for TV post processing with rss feeds from probably the same nzb indexer as you, its a bit hit and miss really because some of the extracted files are labelled 2 folders deep with the parent folder showing the show details, another folder with random characters and then finally the video file with more random characters. It seems like sickbeard will only pick up strangely labelled files in the parent folder and not go digging.
It looks like getting videosort to work could hopefully sort this out, I'm not sure how to get python running properly. Ive tried running the r5 version from the link you gave and the python3 version with no success. I've put the videosort zip in the download folder and tried to import it into python but it pops up with an error. Videosort on Nzbget continues to fail in pp.
What process did you go through to get python to work? I'm sure I must be making a rookie error here
Thanks!
Nedle said:
Since the FireTV is always on it is perfectly suited as a Download centre when combined with an external HDD.
At the moment I'm runnig NZBGet mobile to download media from usenet to my external HDD which is mounted using Stickmount.
How did you that setup? Specifically, the nzbget sideloaded on your aftv? Did you sideload google play store and download directly to your machine? Any help/instructions would be helpful...
Click to expand...
Click to collapse
olliewings said:
Hi Nedle,
Thanks for writing this post I've been scratching my head over this for days.
Ive set up sickbeard for android just for TV post processing with rss feeds from probably the same nzb indexer as you, its a bit hit and miss really because some of the extracted files are labelled 2 folders deep with the parent folder showing the show details, another folder with random characters and then finally the video file with more random characters. It seems like sickbeard will only pick up strangely labelled files in the parent folder and not go digging.
It looks like getting videosort to work could hopefully sort this out, I'm not sure how to get python running properly. Ive tried running the r5 version from the link you gave and the python3 version with no success. I've put the videosort zip in the download folder and tried to import it into python but it pops up with an error. Videosort on Nzbget continues to fail in pp.
What process did you go through to get python to work? I'm sure I must be making a rookie error here
Thanks!
Click to expand...
Click to collapse
Sorry for a very late reaction, didn't see this until now. Scripts will have to be executable, think android doesn't allow this on the sdcard. To fix this all my scripts are located on my external hdd. Furthermore you will need to set the path and call the videosort script from a shell script as it won't work directly (atleast I couldn't).
So in my nzbget scripts folder I have a call_VideoSort.sh script, which calls VideoSort.py. The libraries which VideoSort needs (guessit) I copied to /sdcard/com.googlecode.pythonforandroid\extras\python.
call_VideoSort.sh contains all the Nzbget stuff: The options for format, folder structure, etc. Then at the bottom it simply has:
Code:
export PYTHONHOME=/data/data/com.googlecode.pythonforandroid/files/python
export PYTHONPATH=/storage/sdcard0/com.googlecode.pythonforandroid/extras/python:/data/data/com.googlecode.pythonforandroid/files/python/lib/python2.6
export PATH=$PYTHONHOME/bin:/system/bin:/system/xbin:$PATH
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/data/data/com.googlecode.pythonforandroid/files/python/lib
python "<PATHtoVideoSort.py>"
Let me know if you need any help and I'll see if I can.
jnusraty said:
Nedle said:
Since the FireTV is always on it is perfectly suited as a Download centre when combined with an external HDD.
At the moment I'm runnig NZBGet mobile to download media from usenet to my external HDD which is mounted using Stickmount.
How did you that setup? Specifically, the nzbget sideloaded on your aftv? Did you sideload google play store and download directly to your machine? Any help/instructions would be helpful...
Click to expand...
Click to collapse
Yes, I have the playstore installed and installed NZBGet from there. But you can just sideload nzbget as well, shouldn't be a problem. Downloading stuff is pretty straight forward. If you want to automatically sort your media you will need post processing scripts which require python. That takes a bit more tinkering to work, as you will have to install python and make the scripts executable.
If you get stuck anywhere let me know what errors you get and I'll try to help. You can use http://apps.evozi.com/apk-downloader/ to download the nzbget apk and sideload it.
Click to expand...
Click to collapse
As identified in this post http://forum.xda-developers.com/showpost.php?p=65344931&postcount=10 lots of apps and websites have stopped working over the past year or so (depending maybe on your ROM). This has been traced to the root certificates (used to trust websites and set up secure ssl connctions) becoming out of date. Modern devices also have many more root certificates installed by default.
Note that this doesn't fix the google market on the nook touch, nor the kindle book store. It does fix the kindle app for syncing books purchased elsewhere.
I'll port the instructions over into this post later (see the link above for now). It requires root (so is slightly risky).
If you identify any more failing sites, please provide an https link which fails to open on the nook (but does work on a PC) and I'll add the root authority to my files. Anyone working on ROMs is welcome to redistribute my cacerts.bks
<reserved>
Aargh!
tshoulihane said:
As identified in this post http://forum.xda-developers.com/showpost.php?p=65344931&postcount=10 lots of apps and websites have stopped working over the past year or so (depending maybe on your ROM). This has been traced to the root certificates (used to trust websites and set up secure ssl connctions) becoming out of date. Modern devices also have many more root certificates installed by default.
Note that this doesn't fix the google market on the nook touch, nor the kindle book store. It does fix the kindle app for syncing books purchased elsewhere.
I'll port the instructions over into this post later (see the link above for now). It requires root (so is slightly risky).
If you identify any more failing sites, please provide an https link which fails to open on the nook (but does work on a PC) and I'll add the root authority to my files. Anyone working on ROMs is welcome to redistribute my cacerts.bks
Click to expand...
Click to collapse
I've been using your updated cacerts.bks file and it is great. In January another certificate expired and I'm fairly confident it's the reason a news app (News Republic) started throwing up security certificate errors and refused to connect with the server. I think I need to be able to do the certificate updates, but I am trying to avoid going down the SDK road (a massive download I will never use for anything else) and all those complexities.
Except, nothing else seems to work. There is an ancient thread in which people discuss various ways to update pre-ICS cacerts. Unfortunately, none of them work--I've tried them all. The browser idea seems promising and Opera Mobile responds as described, but then nothing happens to the cacerts.bks file.
Portecle looks really promising (images below). It can obviously open and inspect the cacerts.bks file (password: changeit). It shows the additions you made and also indicates the expired certificate.
So I went searching for a replacement and found something that seems like the right thing (attached as a zip). It imported easily into Portecle and then appeared along with the new ones you added.
Then I returned the file to the NST and made the permissions the same as the old file. A reboot put me in a loop out of which I just barely managed to recover by inserting my NookManager card at just the right moment.
So I don't get it. The bouncycastle files recommended in the CAcerts wiki for this task are too old to be available. Surprise.
I'm tempted to NOT fix the permissions on the cacerts.bks file when I return it to the NST because I once had a similar problem with a settings.db file and it turned out that restoring the "correct" permissions resulted in a bootloop while leaving them as they were when the file was copied back made it all work just fine. But I'm too timid to try that just now.
Any insights?
From my linked thread,
Download http://www.bouncycastle.org/download...dk15on-146.jar - this is used locally on your PC to manipulate the certificates and needs to be version 146 or 147 to work with android (or old android at least)
Click to expand...
Click to collapse
It seems that when I used a different version, I got a bootloop. Although the link I referenced seems to have died, the filename still turns up plenty of hits. http://polydistortion.net/bc/download/ for example (version 1.47).
I agree its a lot of pain, and I'm not sure I still have the toolchain download that I used for this work. I'll have a dig around...
tshoulihane said:
From my linked thread,
It seems that when I used a different version, I got a bootloop. Although the link I referenced seems to have died, the filename still turns up plenty of hits. http://polydistortion.net/bc/download/ for example (version 1.47).
I agree its a lot of pain, and I'm not sure I still have the toolchain download that I used for this work. I'll have a dig around...
Click to expand...
Click to collapse
Yipes. Well, I downloaded the jar file (many thanks...I did search on the file name and came up empty) and followed your example on the other thread. Everything behaved as it should. Except for the boot loop....... This time it was even harder to get out of it.
Two possibilities come to mind. My JDK is 1.8.0_73. Maybe that's too new to work properly. The other is that the certificate, despite playing nicely as far as console feedback went, is of the wrong format, although this does not show up in the feedback or in Portecle.
Anyway, I'm sufficiently intimidated now that I'm not going back there unless I have a better way of getting out of boot loops (since I'm doing ADB over Wi-Fi).
Edit: temptation... So I went back to the CAcerts Wiki and noticed they suggest Java 6. Now, of course, the Wiki is old, but so is the Java underlying the NST, so I found an install of Java 6 and put it on the laptop we have attached to the TV (which runs Kodi and very little else). Then I repeated the entire procedure with--supposedly--all the right components. Same dreaded bootloop. So either the certificate I have has an incompatible format, or I am just hopeless at this. Maybe both
all of the old bouncy castle api releases are archived on their ftp server under ftp://ftp.bouncycastle.org/pub. i managed to find the .jar files referenced in the other thread on there and updated my cacerts.bks using the cacerts wiki instructions a few days ago. hope it helps you. using the newer release gave me a bootloop as well, but once i grabbed the older version from their ftp all was good!
shadylady said:
all of the old bouncy castle api releases are archived on their ftp server under ftp://ftp.bouncycastle.org/pub. i managed to find the .jar files referenced in the other thread on there and updated my cacerts.bks using the cacerts wiki instructions a few days ago. hope it helps you. using the newer release gave me a bootloop as well, but once i grabbed the older version from their ftp all was good!
Click to expand...
Click to collapse
Which java version were you running?
Edit: Hmm....I'm not having any luck with the link you provided. Using an FTP client I am asked for a logon and in my browser (Firefox) it never connects.
Here we go: http://www.bouncycastle.org/archive/
Remains to be seen if that will do the trick for me...
the bootloop version was whatever bouncycastle.org has as their latest release.
the one i downloaded from the ftp that didn't bootloop was this one: bcprov-jdk16-146.jar
you'll need to ftp in and use the password "anonymous" and some bogus email to get onto the ftp. from that web version of the archive it should be this package: http://www.bouncycastle.org/archive/146/bcprov-jdk16-146.tar.gz
i'm running mac, so my default java was 1.6. i updated to 1.8 but that happened after i got this all up and running already. this was the version that was default:
$ /Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Commands/java -version
java version "1.6.0_65"
Java(TM) SE Runtime Environment (build 1.6.0_65-b14-468-11M4833)
Java HotSpot(TM) 64-Bit Server VM (build 20.65-b04-468, mixed mode)
so jdk 1.6 + API 146 (or 147?) seems to be the proper mix.
at first i thought it wasn't working, because although i updated the cacerts.bks, the amazon kindle app kept saying "incorrect email/password". took me a while before i read the entire thread and realized that amazon now does two-step authentication so i had to enter the one time passcode they had sent to my email.
nmyshkin said:
Which java version were you running?
Edit: Hmm....I'm not having any luck with the link you provided. Using an FTP client I am asked for a logon and in my browser (Firefox) it never connects.
Click to expand...
Click to collapse
Well....progress, or at least I think so. This may be an easier method.
Go to http://www.bouncycastle.org/archive/ and download bcprov-jdk15on-146.jar
Go to https://sourceforge.net/projects/portecle/ and download potecle (an executable jar)
Unzip portecle. Rename the bcprov-jdk15on-146.jar to simply bcprov.jar and copy that into the unzipped portecle folder (overwrite the newer version already present).
To run portecle, just double-click on portecle.jar. You will get a statement about the 146 file being out of date, resulting in not everything working, but enough works for our purposes.
Copy cacerts.bks from your NST (system/etc/security) to your PC, open portecle and import your cacerts file (password is "changeit"). You now have a nice graphical interface for perusing and updating your certificates! If you have a *.cer certificate to update, rename the "cer" to "crt" and use the import function. It's really that simple. I tried it, copied the file back onto my NST, fixed the permissions and.......{drumroll}.......no bootloop I'm running jdk 1.8.x
That's the good news. The bad news is that I did not succeed in updating the entrust certificate. I added three from their website and while they did not break cacerts, they did not restore functionality to NewsRepublic, which is what I was hoping to do
So....this may work. It's certainly easy, but clearly you need to have the correct updated certificate to get the desired result. Duh.
Edit: OK, it's ALL bad news
Don't do any of this. It seems to go OK but yesterday I found I could not successfully open the NPR app. I thought, "well, another one bites the dust", but I was curious so I used SearchMarket to see if the app was still listed for the NST. It was. So maybe it got corrupted somehow? Anyway, I uninstalled it and was going to reinstall from the Market but suddenly I got messages about the download failing. Oh no, not another function going south?!
Well, it's all fine, but the problem was the cacerts.bks file that I had made using the method above. Although there is no bootloop on restart, there is bad ju-ju nonetheless. Restoring my backup of cacerts.bks fixed NPR and SearchMarket. So....don't go there (and the two people who thanked me, feel free to unthank me )
cacerts.bks file updated 12-6-20
On May 30, 2020 another certificate in our ancient cacerts.bks file expired. This was one of the certificates used by FBReader to sync with a Google Drive directory of your designation (see books.fbreader.org). I'm assuming at this point that it was the critical certificate in the link because not long ago it was possible to work around login issues as described in my earlier post here: https://forum.xda-developers.com/nook-touch/general/setting-sync-fbreader-t3957311
I was contacted by another XDA member about this issue and noticed in a logcat that the certificate had expired. I have never had any luck updating certificates, despite the description of the process by XDA member @tshoulihane. It took many a year for the basics to penetrate my thick skull and I finally decided to look at it again. I will prepare a post on this topic in a bit so the information won't die with me
Meanwhile, I have updated both certificates in a cacerts file I extracted from a Honeycomb ROM and have been using on all my NST devices. It also includes the updated Amazon certificate so the Kindle app still functions. It contains many more certificates than the file that came with the NST (some expired). At least now I see a way forward.
To update your file, download the zip below and extract the cacerts.bks file. Transfer to the SD card of your NST and then use a file manager with root privelages to copy it into /system/etc/security, overwriting the file that is already there. If you feel queasy about this, first rename the old cacerts.bks file to cacerts.bak, then move the new one in place. File permissions should be rw-r-r
Reboot.
No need for the workaround I wrote about in the earlier post now. I tried this with both Opera Mobile and Opera Mini, signed in on both browsers before starting. Opera Mini failed. Opera Mobile, with the appropriate settings for TLS 1.2 etc. as I have described in another post, balked a little but succeeded. And once you are signed in, you never need to go back to the browser (I think).
Here's what may happen:
1. You may sail through the sign-in process from FBReader (Network Library>FBReader book network) and see your file information appear. Done.
2. More likely than not you will get an "unable to establish a secure connection" or similar. This is a sadly common occurrence in Opera Mobile these days and has been roundly trounced on old Opera discussion boards. There appears to be no fix for it except to access the "Settings" window (from the "O" button). Then go to "Privacy" and then "Clear cache". Now back out of the Settings windows (Back button) and finally hit the "refresh" icon. Voila. This is a general "fix" for pages which don't want to load properly even though you have a valid certificate. I've tried running a script to delete the Opera cache before opening Opera but to no avail. Sometimes you are lucky (especially if you have not encountered any errors in a session before exiting), sometimes you are not. Like I say, once you get past this with FBReader, you should not need to go through it again. Just remember, you want to be signed in with your email, etc. on the Google homepage (the same account for your Google drive you set up with FBReader) before you go through all this.
I tested this with FW 1.2.2, but not 1.2.1
Hello!
Thanks a lot for this information, I was struggling with exactly this yesterday and came here to post this issue, but you already have a solution.
I installed Opera Mini v7.6.4 but couldn't connect to FBReader, so I tried to use the default browser and voilà. Now it's working again.
Thanks again, I really thought it was impossible to fix lol.
I haven't checked if kindle app is working, but it surely does.
Thank you!
How does one install or enable a file manager with root access? I've been googling for hours now and it's such a broad topic that I just can't for the life of me figure it out
xrupa said:
How does one install or enable a file manager with root access? I've been googling for hours now and it's such a broad topic that I just can't for the life of me figure it out
Click to expand...
Click to collapse
If your device is rooted, then you just need a "good" file manager. The version of ES File Explorer I use has an option for enabling root access. Attached.
Ah, that's the release version I have installed, I'll try and find the option, couldn't spot it earlier but that gives me hope
many thanks
Cheers, that's got me on a step or two, I think I just need to disable two step verification next as opera or the standard browser is repeatedly doing the 'failed connection' thing you mention at that stage, lightly infuriating, but at least I'm getting closer to getting my fbreader library back, many thanks!
xrupa said:
Cheers, that's got me on a step or two, I think I just need to disable two step verification next as opera or the standard browser is repeatedly doing the 'failed connection' thing you mention at that stage, lightly infuriating, but at least I'm getting closer to getting my fbreader library back, many thanks!
Click to expand...
Click to collapse
The stock browser is useless. For Opera Mobile don't neglect to make the TLS 1.2 change and, of course, update cacerts.bks
Ah great thanks, I've found that TLS thread, I'll do that and hopefully that'll be it!
nice one @nmyshkin
OMG It's done, im back into the network library on my ancient nook!
thanks so much, months of trying allsorts, nice one, thank you!