FYI: Hard-SPL is available for the Imagio / WhiteStone. - Imagio ROM Development

Link to the "info thread" over at PPC Geeks.
Just for people who were wondering, as there is no forum mentioning it here.

Having Problems With Downloading from http://whitestone.htc-unlocks.com/hard-spl.php
When I go to download the unlocker it keeps giving me a VIRUS WARNING! Not only that but it also lists the web site as known for having Viruses..... Is there any way to have it as a "clean" download that we can access from this forum?
Thanks for Your Time,
LEXOW

This is a false positive that is reported by several users. No one has reported their system being infected by a virus when using this unlocker.
I had to disable the antivirus and firewall software while running this software. I downloaded it into a folder that the antivirus software does not check so the .exe file did not get deleted soon after downloading.

Related

Extended ROM - Some CABs don't Execute

I'm trying to customize a few Extended ROMs here and I'm running into some stubborn CABs. When installed manually, everything works fine. No warnings, no errors. Just click the CAB, let it do its thing, then click OK.
Put these same ROMs into an Extended ROM and hilarity ensues. Some will work, others will not and I don't know why. Any suggestions on what I might be missing will be greatly appreciated.
Quick question?
Are the CAB's signed, if not are you installing the 'signed' unsign CAB 1st?
Edit: Thinking more about this (and realising that the 1st thing you do is disable signing in your ROM's) can you provide a little more info about the CAB's (maybe an offending CAB if the content is not private?).
I managed to replicate this issue with a CAB that had a warm reset as part of its install process (seems to bork the autoexec batch process) and I have had a similar issue with a CAB that just contained some simple OMA in the _setup.xml.
John
yes, that's the point. But how to make any Unsigned CABs become Signed?
huangyz said:
yes, that's the point. But how to make any Unsigned CABs become Signed?
Without wanting to sound facetious you sign them ;-)
You would use a private key to generate an Authenticode signature for the CAB (and maybe the apps inside if you need to) however you would still need to install the ROOT certificate into the code stores on your device. Or get your app signed by a 3rd party with a certificate that has its ROOT already on the device (MS's MobileToMarket and things like that take care of this for ISV's that need it).
Once you have the ROOT cert on the device in the correct store signing is trivial, you either use SignTool.exe from many of the MS SDK’s or just use the GUI options if Visual Studio is your poison. All you need is an export of the PKF (Private key) and the password to the certificate.
In enterprises one of the 1st things people often do before giving Windows Mobile devices out to users is to install a ROOT certificate for the enterprise onto the device in both the code and transmission stores. This means from then on you can sign in-house apps and CAB’s and they behave as signed commercial apps and you can use features like internal signed SSL for ActiveSync etc. etc.
Don’t forget you can also do away with a lot of this by installing the HTC signed “Disable Certificates” CAB 1st and then the signatures are not checked on subsequent CAB’s, EXE’s or anything code related for that matter.
djwillis said:
huangyz said:
yes, that's the point. But how to make any Unsigned CABs become Signed?
Without wanting to sound facetious you sign them ;-)
You would use a private key to generate an Authenticode signature for the CAB (and maybe the apps inside if you need to) however you would still need to install the ROOT certificate into the code stores on your device. Or get your app signed by a 3rd party with a certificate that has its ROOT already on the device (MS's MobileToMarket and things like that take care of this for ISV's that need it).
Once you have the ROOT cert on the device in the correct store signing is trivial, you either use SignTool.exe from many of the MS SDK’s or just use the GUI options if Visual Studio is your poison. All you need is an export of the PKF (Private key) and the password to the certificate.
In enterprises one of the 1st things people often do before giving Windows Mobile devices out to users is to install a ROOT certificate for the enterprise onto the device in both the code and transmission stores. This means from then on you can sign in-house apps and CAB’s and they behave as signed commercial apps and you can use features like internal signed SSL for ActiveSync etc. etc.
Don’t forget you can also do away with a lot of this by installing the HTC signed “Disable Certificates” CAB 1st and then the signatures are not checked on subsequent CAB’s, EXE’s or anything code related for that matter.
I am NOT a software developer, so most of your opinions sound enigmatic to me except the last one: put the HTC signed "Disable Cert" in the 1st place of the ext-rom config.txt.
Thanks very much! I'll try later on.
gamescan said:
I'm trying to customize a few Extended ROMs here and I'm running into some stubborn CABs. When installed manually, everything works fine. No warnings, no errors. Just click the CAB, let it do its thing, then click OK.
Put these same ROMs into an Extended ROM and hilarity ensues. Some will work, others will not and I don't know why. Any suggestions on what I might be missing will be greatly appreciated.
Most probably you forgot to set some CAB file to read-only before saving the extended ROM. Check the CABs' attributes and the config.text file while inside the program that you are using to edit the extended ROM. It's not because they are not signed, as long as you have the cert .cab set to be the first to be installed. Also, CAB files that require user input will not work. This is from experience, as posted above.
huangyz said:
I am NOT a software developer, so most of your opinions sound enigmatic to me except the last one: put the HTC signed "Disable Cert" in the 1st place of the ext-rom config.txt.
Thanks very much! I'll try later on.
So, where did you find the signed Disable_Cert.cab?
faria said:
Most probably you forgot to set some CAB file to read-only before saving the extended ROM. Check the CABs' attributes and the config.text file while inside the program that you are using to edit the extended ROM. It's not because they are not signed, as long as you have the cert .cab set to be the first to be installed. Also, CAB files that require user input will not work. This is from experience, as posted above.
Sorry to ping an old thread - flogging to proceed immediately after...
Being that this is a windows device, isn't there a flag that can be passed when executing the cab - like you can on a windows installer application? Similar to setup.exe -q or whatever you're trying to do. Some flags set the answers to yes, admin mode... you get the picture. Does the cab installer engine allow similar flags to get passed with the cab execution command?
In PPC, it calls wceload.exe to install and uninstall a cab.
As shown in http://msdn2.microsoft.com/en-us/library/ms926281.aspx , the only possible argument is to ask or not ask for destination, but no quiet mode.
How can you call wceload.exe manually at ExtROM installation may be a question.

ShellTool_bugfixed.zip is a Windows wrecker!

Hello there,
I wanted to use the ShellTool I found at the FTP. But, after executing the file, I get an error, followed by opening a profile from friendster.com. After that, my Symantec AV is trying to search for the installation files and other strange stuff. When I give the computer a reboot, my computer tells me that NTLDR is missing. So, this file is some kind of windows wrecker instead of a useful tool.
Not only the NTLDR was missing, also HAL.dll, ntoskrnl.exe and other files.
I tested it also on a virtual machine with Windows XP SP2, and the same thing happened. Please remove that kind of crap.
Its in the directory: Uploads/WIZARD/Unlocking/
i have had no problems at all...on vista ultimate and windows xp on a virtual machine and i flash with this tool...it works like a charm on my side...a charmmmmmmmm
I had the same thing happen to me, I had to re-install windows on two different computers after it crashed them, pretty weak, pretty weak
someone deleted the original file and changed to a wrecker one.. owner please check the file if its your original or altered one by someone..
I'm going to have to say that someone removed the original ShellTool file and replaced it with the current one.
I downloaded the original file and have used it without any problems to flash several devices. So, don't go blaming the developer of this tool. There have been SEVERAL corrupted/virus-laden files uploaded to that folder recently.
The general rule of thumb on downloading from the ftp is to wait until the files have been checked by the admins and mods and moved to the "safe haven" and to NOT download anything from the "Uploads" section. Downloading from the "Uploads" directory is done at YOUR OWN RISK. (There are SEVERAL threads on the forums about this.)
BTW -- if you had read the entire thread in the G4 forum about the ShellTool, you would have known ahead of time about the virus-infected file. That discussion starts with post #285 in the thread. http://forum.xda-developers.com/showthread.php?t=293480&page=29
We seem to be plagued by virii at the moment. :-(
If you look in the G4 forum (as I remember it) and find the original thread for ShellTool you will see later on virus warnings and some MD5 checksums for the original.
I'm going to write a thread this weekend on MD5ing files you publish and how users verify them.
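The publish-and-verify routine mentioned above, as an added example that is not part of any post in this thread: the publisher generates an md5sum-style listing and posts it in the thread, and the user checks the downloaded file against that text. The file names and contents are constructed, and `algo` can be set to `"sha256"` where a stronger digest than the MD5 used in the thread is wanted.

```python
import hashlib
import hmac
import os
import tempfile


def file_digest(path, algo="md5", chunk=1 << 16):
    """Stream the file so a large archive never has to fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def make_manifest(paths, algo="md5"):
    """Publisher side: one '<hex digest>  <file name>' line per file."""
    return "\n".join(
        f"{file_digest(p, algo)}  {os.path.basename(p)}" for p in paths
    )


def parse_manifest(text):
    """Return {file name: digest}; skips blank lines, accepts the '*' marker."""
    expected = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2:
            expected[parts[1].lstrip("*").strip()] = parts[0].lower()
    return expected


def verify(directory, manifest_text, algo="md5"):
    """User side: map each listed file to 'OK', 'MISMATCH' or 'MISSING'."""
    results = {}
    for name, digest in parse_manifest(manifest_text).items():
        # basename() keeps a manifest entry from pointing outside `directory`
        path = os.path.join(directory, os.path.basename(name))
        if not os.path.isfile(path):
            results[name] = "MISSING"
        elif hmac.compare_digest(file_digest(path, algo), digest):
            results[name] = "OK"
        else:
            results[name] = "MISMATCH"
    return results


def demo():
    """Constructed scenario: a file is replaced under the same name."""
    with tempfile.TemporaryDirectory() as d:
        tool = os.path.join(d, "tool_release.zip")  # hypothetical file name
        with open(tool, "wb") as f:
            f.write(b"constructed stand-in for the original upload")
        # The publisher posts this text in the thread, not next to the file.
        posted = make_manifest([tool]) + "\n" + "0" * 32 + "  readme.txt"
        before = verify(d, posted)
        with open(tool, "wb") as f:  # someone swaps the upload
            f.write(b"constructed stand-in for a replaced upload")
        after = verify(d, posted)
    return before, after


if __name__ == "__main__":
    print(demo())
```

The check is only as trustworthy as the place the listing is read from: a checksum stored in the same writable upload folder as the file can be replaced along with it.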
Got it
OK. I've just deleted the Shelltool_bufixed.zip and replaced with the uninfected Shelltool_bugfixed in a RAR archive. I know that since I haven't posted before, but believe me that there is no virus on this one. At least, not at the time of me uploading it. (Don't know what people will do with it later)
Unfortunately I read this thread too late... I had my NTLDR deleted by this proggy. Might be a virus, might not be one... What makes me suspect it's not is that it bypassed my corporate AV.
I recovered from the "virus" almost instantly (I don't know if it was posted or not, but I think it won't hurt anyone to read this):
1- Run the WinXP SP2 (if u have SP2 already installed) and AFTER you get to the license agreement, select REPAIR.
2- Use the recovery console google it or go here =) http://www.webtree.ca/windowsxp/repair_xp.htm
So much for Norton Corporate AV with all the latest updates bells and whistles
Cheers!
Candanga said:
Unfortunately I read this thread too late... I had my NTLDR deleted by this proggy. Might be a virus, might not be one... What makes me suspect it's not is that it bypassed my corporate AV. http://www.webtree.ca/windowsxp/repair_xp.htm
(...)
So much for Norton Corporate AV with all the latest updates bells and whistles
Cheers!
There is nothing an AV can do (even the most powerful and expensive) to avoid infection by a 'cooked-in-5-minutes' malicious file.
In order to detect the file its signature/characteristics must be added to the scan engine and that will only happen after someone gets 'infected' and reports the fact
Anyone with a little skill can make an executable to delete system files and upload it to the ftp. That's why I prefer to post files in threads instead of on the ftp server; at least the previous can't be changed except by the poster or by mods/admins
cheers
Wanna kill u'r XP..?? Ask me how...
ftp://[email protected]/Upload/ShellTool_VIRUSFREE_beaware.zip
TRULY IS A TOTAL XP KILLER!!!! I KNOW, AN EXPERIENCE IS UNADVISABLE (GRANDMA, U R ABSOLUTELY TRUE), THOUGH IF U DON'T BELIEVE AND WANNA TRY, JUST SAVE ALL YOUR DATA FROM THE SYSTEM DRIVE BEFORE U HIT IT.... (and as far as my experience goes, huge amount of people spare their most important and intimate data on the system drive with no backup...and they cry)...AND GET READY AT LEAST EITHER FOR ANOTHER SYSTEM INNOVATION OR EVEN NICE AND CLEAN INSTALLATION.
THATS ALL
I don't get it, why should you guys use ShellTools, when you can already CID Unlock your G4 using HardSPL ?! That way you can flash your wizard in about 6 minutes vs the 30 minutes on ShellTools!
In a technical sense, it is not a virus. The person who made this is lame enough to just make a BAT-EXE conversion which deletes stuff from your WINDOWS directory only. So, most of your stuff is generally safe (that's the common one that I've known appearing randomly in the FTP).
I have problems unzipping the file anyway, so I can't confirm this. If you are sure it is a fault, just delete it. Thanks.
dferreira said:
I don't get it, why should you guys use ShellTools, when you can already CID Unlock your G4 using HardSPL ?! That way you can flash your wizard in about 6 minutes vs the 30 minutes on ShellTools!
Shelltools is safer for the inexperienced. You can never brick the phone by it. You do not need to check the safety of ROM (since shelltool will never flash anything else than OS).
Faking unlocking the CID by SoftSPL/HardSPL is quicker, but it enables to flash IPL/SPL which is not a good idea (newbie eagerness or just a stupid oversight of somebody who flashes daily can lead to disaster).
There are cases of people who bricked their Wizards by using SoftSPL without reading properly (for example I remember one Polish guy not so long ago).
I use shelltools. It gives me peace of mind when flashing.
(Changing a genuine program for a malicious one can be done regardless of what program it is. So this has nothing to do with shelltools. Just be careful what you run on your computer).
Mirek

trying to flash Hard-SPL keep getting Bloodhound.w32.EP

How do you flash Hard-Spl to the touch pro 2? Every time I try to extract the Rhodium-HardSPL_xxx.zip I get a security pop up notification in the right corner stating that the file contains Bloodhound.w32.EP and it blocks me from opening the folder. Is there any way around this?
tdubz said:
How do you flash Hard-Spl to the touch pro 2? Every time I try to extract the Rhodium-HardSPL_xxx.zip I get a security pop up notification in the right corner stating that the file contains Bloodhound.w32.EP and it blocks me from opening the folder. Is there any way around this?
Yeah, disable your antivir software while flashing hardspl
there's no way to do it on vista with norton
also when i try to open it, it says it's not a valid win32 application
Remove norton -,-
tdubz said:
How do you flash Hard-Spl to the touch pro 2? Every time I try to extract the Rhodium-HardSPL_xxx.zip I get a security pop up notification in the right corner stating that the file contains Bloodhound.w32.EP and it blocks me from opening the folder. Is there any way around this?
4 options for you to choose from -
1. Temporarily disable AV software.
2. Add scanning exception for file/folder in AV software.
3. Remove AV software.
4. Use a different PC.
Ok, I did try and confirmed:
Any Symantec based Anti Virus product (2009 / security / 2010 beta / EndPoint 11 / endpoint 12 SBS) will find the same error and remove the file once detected.
On the other hand, other Anti Virus brands will not, since I tried McAfee / Kaspersky (software / web scan) and they pass without problem.
I am quite sure the file contains no virus, but just some code from the installer is flagged as a virus by Symantec series products. For details, please check the official HSPL page, point 4, which mentions the issue and the solution, too.
The problem is, that Norton is the most harmful software for computers itself.
I used this AV software for 1 year and had problems all the time -hang-ups, bluescreens, missing files, high cpu usage and so on.
Now I am using a free AV software and everything is running fine.
Thread closed. If the problem persists, please use the existing Hard SPL thread.
Dave

[Q] LightJBv1-2.ZIP contains 'SMSspy' Trojan - according to Ad-Aware

Hi all,
A while ago I managed to install LightJB thanks to this forum; the phone became a lot snappier because that ROM had ditched a bunch of bloatware.
Just now, I ran a PC system scan with Ad-Aware which detects in the file "LightJBv1-2.zip", a trojan called "SMSspy". The ROM is too big to upload, but its size is reportedly 417 MB (437.476.670 bytes), and the size on disk is 417 MB (437.477.376 bytes). Unfortunately I have not written down from what mirror I downloaded the ZIP file, but it was a link listed here as I slavishly followed all suggested steps. I did a search for 'virus' and for 'LightJBv1-2' and did not find any report on this. This leads me to believe that more people have downloaded the file. Possibly the ROM has been used as a basis for other ROMs (I am quite a n00b, so perhaps this is a dumb remark).
I was wondering whether this might be a false positive, or perhaps if someone that has the LightJB v1-2 installation file on his/her PC could try to verify if the Ad-Aware scan was correct or not?
I am using some government services that require an SMS verification system, which makes me worry a bit..
Kind regards and please do let me know if more info is required,
Wouter
wouterwp said:
Hi all,
A while ago I managed to install LightJB thanks to this forum; the phone became a lot snappier because that ROM had ditched a bunch of bloatware.
Just now, I ran a PC system scan with Ad-Aware which detects in the file "LightJBv1-2.zip", a trojan called "SMSspy". The ROM is too big to upload, but its size is reportedly 417 MB (437.476.670 bytes), and the size on disk is 417 MB (437.477.376 bytes). Unfortunately I have not written down from what mirror I downloaded the ZIP file, but it was a link listed here as I slavishly followed all suggested steps. I did a search for 'virus' and for 'LightJBv1-2' and did not find any report on this. This leads me to believe that more people have downloaded the file. Possibly the ROM has been used as a basis for other ROMs (I am quite a n00b, so perhaps this is a dumb remark).
I was wondering whether this might be a false positive, or perhaps if someone that has the LightJB v1-2 installation file on his/her PC could try to verify if the Ad-Aware scan was correct or not?
I am using some government services that require an SMS verification system, which makes me worry a bit..
Kind regards and please do let me know if more info is required,
Wouter
What's the file name which the antivirus finds as a virus?
Force said:
What's the file name which the antivirus finds as a virus?
Thanks for the reply. I have made a screendump to prove my point about the ZIP (attached). I then unpacked and scanned the contents hoping Ad-aware would pinpoint the file containing the SMSspy.GD trojan. However, it did not find anything. Does this mean it is a false positive? I don't know, but Ad-aware does continue to find this Trojan in the ZIP file...
F-Secure has written about the SMSspy trojan and what the code does. Unfortunately I'm not allowed to post a link there, but searching Duckduckgo with this "On Android threats Spyware:Android/SndApps.A and Trojan:Android/SmsSpy.D." does bring up the site immediately. I'm reckoning someone could change some values in that code to make a phone running the hacked app send data to himself. Perhaps someone on this forum recognizes where this code may be put and help with this search. Anyone with the F-secure virusscanner could also download the LightJBv1-2.ZIP file and go through the contents.
I have scanned several more times since then and no suspicious file was found... I downloaded the Avira scanner hoping that it would find SMSspy.GD too, but to no avail. Avira does find code of Rootor.RH (listed as a virus in their database) in the Superuser.apk files, but I'm guessing that is a false alarm that has to do with the function of the Superuser app.
wouterwp said:
Thanks for the reply. I have made a screendump to prove my point about the ZIP (attached). I then unpacked and scanned the contents hoping Ad-aware would pinpoint the file containing the SMSspy.GD trojan. However, it did not find anything. Does this mean it is a false positive? I don't know, but Ad-aware does continue to find this Trojan in the ZIP file...
F-Secure has written about the SMSspy trojan and what the code does. Unfortunately I'm not allowed to post a link there, but searching Duckduckgo with this "On Android threats Spyware:Android/SndApps.A and Trojan:Android/SmsSpy.D." does bring up the site immediately. I'm reckoning someone could change some values in that code to make a phone running the hacked app send data to himself. Perhaps someone on this forum recognizes where this code may be put and help with this search. Anyone with the F-secure virusscanner could also download the LightJBv1-2.ZIP file and go through the contents.
I have scanned several more times since then and no suspicious file was found... I downloaded the Avira scanner hoping that it would find SMSspy.GD too, but to no avail. Avira does find code of Rootor.RH (listed as a virus in their database) in the Superuser.apk files, but I'm guessing that is a false alarm that has to do with the function of the Superuser app.
My antivirus (G Data antivirus) finds a virus in the harshjelly rom too, in MobileTrackerEngineTwo.apk, and the description said something like Android.Riskware.sms... I scanned the same apk from the system folder of the stock jb firmware with the same antivirus and it doesn't find any virus. So I don't know what to think or what to say...
Force said:
My antivirus (G Data antivirus) finds a virus in the harshjelly rom too, in MobileTrackerEngineTwo.apk, and the description said something like Android.Riskware.sms... I scanned the same apk from the system folder of the stock jb firmware with the same antivirus and it doesn't find any virus. So I don't know what to think or what to say...
I have it!! That is, Avira did find it this time:
--> system/app/DSMLawmo.apk
[5] Archieftype: ZIP
--> classes.dex
[DETECTIE] Bevat code van het virus ANDROID/SmsSpy.S.Gen
(Dutch version, reporting "[DETECTION] Contains code of the virus ANDROID/Smsspy.S.Gen")
Apparently, the classes.dex file in the DSMLawmo.apk contains the Trojan code. What does this file do and who can open the APK file and check whether the code from the SMSSpy trojan (see my previous post about the F-secure forum message) is actually being misused??
best regards, Wouter
Attached:
- screendump showing Avira found the virus in the DSMLawmo.apk file,
- the Avira log (also finding code of another virus in Superuser.APK - I am guessing this has to do with the fact that Superuser is root-related and therefore scares the virusscanner),
- and.. the infected APK file. I renamed this file to make sure people don't run it unintentionally. SO please, only run the APK if you know what you're doing! I take no responsibility for any damages coming from running it (as a matter of fact, I might be a victim myself as I installed and am still running JBLightV1-2 on my Samsung Advance S). I do think the importance of uploading this file outweighs the risks as developers may have unwillingly and unknowingly contributed to spreading malicious code through this great community. It may - after all - also be a false positive, but two scanners have now found the SMSSpy trojan independently.
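An added example, not part of any post here, for the two steps described in the posts above: finding which file inside a ROM ZIP a detection refers to when the code sits in an APK nested in the archive, and comparing the same APK against the stock firmware. It hashes every member, descends into nested archives, and lists what the ROM adds or changes relative to a reference; all archive names and contents are constructed in memory, and a difference only shows where to look, not that the file is malicious.

```python
import hashlib
import io
import zipfile

NESTED_EXT = (".apk", ".jar", ".zip")
MAX_MEMBER = 512 * 1024 * 1024   # do not inflate members declared larger than this
MAX_DEPTH = 3                    # ROM zip -> APK -> embedded archive


def inventory(data, prefix="", depth=0):
    """Map 'outer!inner' member paths to SHA-256, descending into nested archives."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            if info.flag_bits & 0x1:          # encrypted member: cannot hash content
                found[path] = "skipped:encrypted"
                continue
            if info.file_size > MAX_MEMBER:   # guard against decompression bombs
                found[path] = "skipped:too-large"
                continue
            blob = zf.read(info)
            found[path] = hashlib.sha256(blob).hexdigest()
            nested = info.filename.lower().endswith(NESTED_EXT)
            if nested and depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(blob)):
                found.update(inventory(blob, path + "!", depth + 1))
    return found


def diff_against_reference(candidate, reference):
    """List paths the candidate ROM adds or changes relative to the reference."""
    added = sorted(p for p in candidate if p not in reference)
    changed = sorted(
        p for p in candidate if p in reference and candidate[p] != reference[p]
    )
    return {"added": added, "changed": changed}


def make_zip(members):
    """Build a constructed archive in memory with fixed timestamps."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, blob in members.items():
            zf.writestr(zipfile.ZipInfo(name, date_time=(2012, 1, 1, 0, 0, 0)), blob)
    return buf.getvalue()


def demo():
    """Constructed stock and custom ROMs; every name here is hypothetical."""
    keep = make_zip({"classes.dex": b"unchanged code"})
    stock = make_zip({
        "system/app/Keep.apk": keep,
        "system/app/Sample.apk": make_zip({"classes.dex": b"stock code"}),
        "system/build.prop": b"ro.sample=1\n",
    })
    custom = make_zip({
        "system/app/Keep.apk": keep,
        "system/app/Sample.apk": make_zip({"classes.dex": b"modified code"}),
        "system/app/Extra.apk": make_zip({"classes.dex": b"new code"}),
        "system/build.prop": b"ro.sample=1\n",
    })
    return diff_against_reference(inventory(custom), inventory(stock))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```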
Please tell me how to remove G Data Internet Security? When I try to remove it from Google Play, it tells me that this application is Administrator on the device, and that I must deactivate it first and then try to remove it.
How to deactivate???
Try in Settings --> Security (on CM11, on Stock look for something similar)
Sent from my GT-I9070 using Tapatalk
XDADev Forum i9300 ROMs contain trojans
Just bumping this post as it appeared on google when I looked up the smsspy.s.gen virus. The Avira database had this to say:
The file is a malicious Android application that undermines the security of the device or the privacy of the user. Typically, Android malware attempts to steal personal or account information, gain access to device functions via backdoors, send text messages or dial premium numbers, and lock or encrypt the device so the user must pay to unlock the device.
Operating System: Android.
This piece of malware is able to steal sensitive information.
Aliases
AVG: Android/G2M.R.FB4923BB003A
Avast: Android:SmsSpy-KB
Dr. Web: Android.SmsBot.439.origin
ESET: Android/TrojanSMS.Agent.AAJ trojan
Kaspersky Lab: HEUR:Trojan-Spy.AndroidOS.SmsThief.es
So in general, this isn't some harmless adware and what is more disturbing is that my anti-virus didn't detect the trojan when I downloaded the I9300XXUGNH4.LiteROM zip file. The trojan also appears to remain dormant for several weeks before activating. Its damage isn't limited to Android since it was hijacking Java files on my PC and dropping a Bladabindi backdoor virus into them. I also found that another APK file called DSMLawmo contains the same virus. So in short, the xdadeveloper forum is a minefield of trojan software which the administrators really need to do something about since it undermines the trust of its users.

Question Would Anyone kind enough to upload the .appx package for the Samsung Notes Windows 10 app?

My Samsung device just broke and I need access to my notes for uni. I would really appreciate it if someone could upload the installation file so that those of us without samsung laptops can download it.
The Samsung Notes app is available for free in the Microsoft Store here: https://www.microsoft.com/store/productId/9NBLGGH43VHV and for those of us without samsung laptops It says it is incompatible and Microsoft got rid of all other loopholes to download it.
You can find a guide here on how to extract the .appx installation file: https://www.maketecheasier.com/download-appx-files-from-windows-store/
Here is a previous XDA thread that was posted here which is why I am reposting, the link is dead and If someone is able to upload this, I will ensure it stays hosted whether via torrent or cloud storage
Edit: Samsung Notes is available on Lenovo and other laptop brands, but mainly is only available to download for sammy books
For those who care, I have found something interesting. This was posted on the Samsung Community forums and I would assume any company providing forum services for all their services, I figure that company would highly regulate what gets posted on there.
Well here's a post from 11.2020 where a stud linked a drive upload of the appx. I assume it to be safe there's no samsung disclosure or policy thrown in your face on that link lol. Installing now, virus scan found nothing. Will update when installed and updated
Get Samsung Notes on any Windows10 PC
Get Latest Samsung Notes 4.1.28 Now you can view & edit Spen Notes on any PC I have made an installable file for windows 10 which can be installed on any PC. Sync and Everything works perfectly Installation instructions are inside the file Download file...
r2.community.samsung.com
butisaidplease said:
For those who care, I have found something interesting. This was posted on the Samsung Community forums and I would assume any company providing forum services for all their services, I figure that company would highly regulate what gets posted on there.
Well here's a post from 11.2020 where a stud linked a drive upload of the appx. I assume it to be safe there's no samsung disclosure or policy thrown in your face on that link lol. Installing now, virus scan found nothing. Will update when installed and updated
Get Samsung Notes on any Windows10 PC
Get Latest Samsung Notes 4.1.28 Now you can view & edit Spen Notes on any PC I have made an installable file for windows 10 which can be installed on any PC. Sync and Everything works perfectly Installation instructions are inside the file Download file...
r2.community.samsung.com
Got it working, so far safe. ran virus scan after install then rebooted and ran one more nothing.
After install open microsoft store go to the app and it will auto update. Sync perfect.
Make sure to read instructions file.
