Frontpage
Forums
Tutorials
Members
Calendar
Subscription
Donate
Links
Contact 
Help
Just heard from a source that the process to add your own hacked files into a compressed cab file (EX_, DL_ and such) and getting past the digital signature protection can be done using the CAB SDK from Microsoft. More info soon!
Edit: hmm, the only page I could find: http://msdn.microsoft.com/library/default..../html/cabdl.asp I'll be surprised if an app from 1997 works for creating CAB files for XP
uxtheme.dl_ hacked !
Come and get it !
Rate Topic:
#61
- The MSFN Banana
-
- Group: Patrons
- Posts: 5,767
- Joined: 17-August 01
Posted 12 September 2003 - 06:20 PM
Back to top
#62
Posted 12 September 2003 - 09:26 PM
#63
- The MSFN Banana
-
- Group: Patrons
- Posts: 5,767
- Joined: 17-August 01
Posted 13 September 2003 - 04:50 AM
What's special about Cabpack that allows Windows Setup to continue without error? Or did you make extra modifications to the UXTheme.dll file itself to bypass the Digital Signature?
#64
- Junior
-
- Group: Members
- Posts: 60
- Joined: 12-September 03
Posted 13 September 2003 - 05:08 AM
I haven't got the UXTheme.dll to work yet, my last attempt failed at the GUI with an internal structure error. Also I am tired of erasing and then burning to CDR-W. I'm gonna get Virtual PC and then start again.
@AaronXP: I guess the way to find out is to compress the DLL with Cabpack and see if the installer excepts it. I will give this a go later today after I get VPC.
@AaronXP: I guess the way to find out is to compress the DLL with Cabpack and see if the installer excepts it. I will give this a go later today after I get VPC.
#65
- ineXPlicable
-
- Group: Developers
- Posts: 3,062
- Joined: 22-August 03
Posted 13 September 2003 - 06:25 AM
I am a little confused here. Setup does notice that the UXTHEME.DL_ and SFC_OS.DL_ are "incorrect", and reports so in the setuperr.log. This in itself does not seem to cause any errors ( ... on my system ... ). Does replacing a file with an "incorrect", yet working version generally cause an error, or stop setup? Otherwise, isn't there an OEM setting to allow OEM files to overwrite windows system files? Is the issue really with the compressor: why would CabPack be any better than MS's CabArc? Thanks for any light you can shed on this.
#66
Posted 13 September 2003 - 06:31 AM
I have a tip for you guys that want to add the hacked uxtheme.dll to a installed xp at least..
This might have been discussed here but I am posting this anyhow.
1. unpack the zip file. you'll get a uxtheme.dl_
2. expand the uxtheme.dl_ using expand uxtheme.dl_ uxtheme.dll
3. copy uxtheme.dll to c:\
4. reboot into failsafe with command prompt
5. cd %windir%\system32\
6. rename uxtheme.dll uxtheme.dll.old
7. cd\
8. copy uxtheme.dll c:\%windir%\system32\uxtheme.dll
9. reboot back into regular XP
all done..
I have used this method on 3 workstations and they all had fileprotection still enabled.. I LOVE THIS hacked version of uxtheme.dll..
This might have been discussed here but I am posting this anyhow.
1. unpack the zip file. you'll get a uxtheme.dl_
2. expand the uxtheme.dl_ using expand uxtheme.dl_ uxtheme.dll
3. copy uxtheme.dll to c:\
4. reboot into failsafe with command prompt
5. cd %windir%\system32\
6. rename uxtheme.dll uxtheme.dll.old
7. cd\
8. copy uxtheme.dll c:\%windir%\system32\uxtheme.dll
9. reboot back into regular XP
all done..
I have used this method on 3 workstations and they all had fileprotection still enabled.. I LOVE THIS hacked version of uxtheme.dll..
#67
Posted 13 September 2003 - 07:31 AM
Hi
AaronXP
I told you don't trust your source
( There is no Digital Signature )
Last hint :
If you click me
I will kill you !
AaronXP
I told you don't trust your source
( There is no Digital Signature )Last hint :
If you click me
I will kill you !
#68
- Junior
-
- Group: Members
- Posts: 60
- Joined: 12-September 03
Posted 13 September 2003 - 07:43 AM
Why don't you just come out and tell us what you did? 
I don't see the point in keeping this to yourself :/
#69
- The MSFN Banana
-
- Group: Patrons
- Posts: 5,767
- Joined: 17-August 01
Posted 13 September 2003 - 07:50 AM
Here's the setuperr.log I got when I used the hacked UXTHEME.DL_ and Metapad compressed into NOTEPAD.EX_:
Still works fine though, Setup did not abort or show any screens to say one of the files failed to copy. Even if it did, it may have automatically proceeded. Notepad isn't present in the Windows or dllcache folder but its in System32.
Error: D:\i386\NOTEPAD.EX_ was not copied to C:\WINDOWS\NOTEPAD.EXE because of the following error: No signature was present in the subject. *** Error: Setup detected that the system file named [c:\windows\system32\uxtheme.dll] is not signed properly by Microsoft. This file could not be restored to the correct Microsoft version. Use the SFC utility to verify the integrity of the file. ***
Still works fine though, Setup did not abort or show any screens to say one of the files failed to copy. Even if it did, it may have automatically proceeded. Notepad isn't present in the Windows or dllcache folder but its in System32.
#70
- Junior
-
- Group: Members
- Posts: 60
- Joined: 12-September 03
Posted 13 September 2003 - 08:23 AM
I think makecab compressed the file to MSZIP format whereas CabPack allows the LZW compression. I think the setup checks for LZW somehow. God this is addictive wish I was home now and I would check it out.
#71
- The MSFN Banana
-
- Group: Patrons
- Posts: 5,767
- Joined: 17-August 01
Posted 13 September 2003 - 10:30 AM
You are right, it seems miso1391's hacked UXTHEME.DL_ was made using LZX compression at a value of 21, and the byte size matches my created UXTHEME.DL_ (using cabpack) with miso1931's.
Further tests shows that compressing UXTheme.dll with Windows XP's built-in makecab utility will cause setup to halt. Also, I'm testing the modified notepad.exe with LZX compression, to see if it actually copies to three different folders rather than one (not important, but willing to see the difference )
Edit: no difference on notepad.exe whether its compressed with Windows XP's Makecab or Cabpack's LZX compression.
I've noticed that miso1931's uxtheme.dll md5 sum is different to a hacked copy that I've had since SP1 came out, even though they carry the same byte size. The answer lies in that file rather than the compression used.
Further tests shows that compressing UXTheme.dll with Windows XP's built-in makecab utility will cause setup to halt. Also, I'm testing the modified notepad.exe with LZX compression, to see if it actually copies to three different folders rather than one (not important, but willing to see the difference
)Edit: no difference on notepad.exe whether its compressed with Windows XP's Makecab or Cabpack's LZX compression.
I've noticed that miso1931's uxtheme.dll md5 sum is different to a hacked copy that I've had since SP1 came out, even though they carry the same byte size. The answer lies in that file rather than the compression used.
#72
- Member
-
- Group: Members
- Posts: 148
- Joined: 30-August 03
Posted 13 September 2003 - 10:54 AM
It does have a different md5, but i did a BC of it the other day and it is only 2 bytes that are different. Hardly a lot but who knows....
Edit - Unless that little change causes it to match the sig or md5 of the correct file.... Is that even possible?
Edit - Unless that little change causes it to match the sig or md5 of the correct file.... Is that even possible?
#73
- The MSFN Banana
-
- Group: Patrons
- Posts: 5,767
- Joined: 17-August 01
Posted 13 September 2003 - 11:03 AM
miso's uxtheme.dll needs to be hex-compared with vorte[x]'s hacked uxtheme.dll to see the slight different. (Vorte[x] was the source of the hacked uxtheme files for XP and XP SP1)
#74
- Member
-
- Group: Members
- Posts: 148
- Joined: 30-August 03
Posted 13 September 2003 - 11:16 AM
Thats what i did, using Beyond compare.
#75
- The MSFN Banana
-
- Group: Patrons
- Posts: 5,767
- Joined: 17-August 01
Posted 13 September 2003 - 11:33 AM
Paul 365, on Sep 13 2003, 06:16 PM, said:
Thats what i did, using Beyond compare.
Did it tell you what value was changed at what offset? I would like to try hex-editing vorte[x]'s hacked uxtheme.dll file to force Setup to allow this to go through.
#76
- Member
-
- Group: Members
- Posts: 148
- Joined: 30-August 03
Posted 13 September 2003 - 12:05 PM
It did yes - but as that was the only difference - changing it would just make it the same file as the one miso gave us.
I think i am missing the point as i dont understand what you would gain from that.
Edit sorry it dosnt give me the offset, bc is more of a text based compare tool.
I think i am missing the point as i dont understand what you would gain from that.
Edit sorry it dosnt give me the offset, bc is more of a text based compare tool.
#77
- Junior
-
- Group: Members
- Posts: 60
- Joined: 12-September 03
Posted 13 September 2003 - 01:37 PM
Well I finally got the uxtheme.dl_ to install, but I have another problem. Its doesn't reboot like it should and it doesn't clear out the drivers folder. Also the visual style is still classic I have to manually select my visual style and apply it.
@Paul 365: In you post, below, Does it bootup with the DarkXP visual style enabled?
@Paul 365: In you post, below, Does it bootup with the DarkXP visual style enabled?
Quote
[Shell]CustomDefaultThemeFile = "%SYSTEMDRIVE%\Windows\Resources\Themes\DarkXP.theme"
DefaultStartPanelOff = No
DefaultThemesOff = No
DefaultStartPanelOff = No
DefaultThemesOff = No
#78
- Member
-
- Group: Members
- Posts: 148
- Joined: 30-August 03
Posted 13 September 2003 - 01:42 PM
yes sir it sure does.
Open your .theme file with a text editor and copy and paste it here, this smacks of a path error or something like that.
Open your .theme file with a text editor and copy and paste it here, this smacks of a path error or something like that.
#79
- Junior
-
- Group: Members
- Posts: 60
- Joined: 12-September 03
Posted 13 September 2003 - 01:51 PM
Heres my .theme file
; Copyright © Microsoft Corp. 1995-2001
[Theme]
; My Computer
[CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon]
DefaultValue=C:\Program Files\Object Desktop\IconPackager\Themes\BlueCurve\BlueCurve.icl,1
; My Documents
[CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\DefaultIcon]
DefaultValue=C:\Program Files\Object Desktop\IconPackager\Themes\BlueCurve\BlueCurve.icl,0
; My Network Places
[CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\DefaultIcon]
DefaultValue=C:\Program Files\Object Desktop\IconPackager\Themes\BlueCurve\BlueCurve.icl,2
; Recycle Bin
[CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon]
full=C:\Program Files\Object Desktop\IconPackager\Themes\BlueCurve\BlueCurve.icl,5
empty=C:\Program Files\Object Desktop\IconPackager\Themes\BlueCurve\BlueCurve.icl,4
[Control Panel\Colors]
ActiveTitle=62 113 170
Background=62 113 170
Hilight=62 113 170
HilightText=255 255 255
TitleText=255 255 255
Window=255 255 255
WindowText=0 0 0
Scrollbar=212 208 200
InactiveTitle=246 246 246
Menu=255 255 255
WindowFrame=0 0 0
MenuText=0 0 0
ActiveBorder=212 208 200
InactiveBorder=212 208 200
AppWorkspace=128 128 128
ButtonFace=246 246 246
ButtonShadow=154 154 154
GrayText=117 117 117
ButtonText=0 0 0
InactiveTitleText=139 139 139
ButtonHilight=255 255 255
ButtonDkShadow=92 92 92
ButtonLight=241 239 226
InfoText=0 0 0
InfoWindow=255 255 225
GradientActiveTitle=62 113 170
GradientInactiveTitle=246 246 246
ButtonAlternateFace=181 181 181
HotTrackingColor=68 100 172
MenuHilight=62 113 170
MenuBar=246 246 246
[Control Panel\Cursors]
Arrow=%WinDir%resources\Themes\Ximian\Cursors\BC_NormalSelect.cur
Help=%WinDir%resources\Themes\Ximian\Cursors\BC_HelpSelect.cur
AppStarting=%WinDir%resources\Themes\Ximian\Cursors\BC_working.ani
Wait=%WinDir%resources\Themes\Ximian\Cursors\BC_Busy.ani
NWPen=%WinDir%resources\Themes\Ximian\Cursors\BC_Pen.cur
No=%WinDir%resources\Themes\Ximian\Cursors\BC_Unavailable.cur
SizeNS=%WinDir%resources\Themes\Ximian\Cursors\BC_SizeVert.cur
SizeWE=%WinDir%resources\Themes\Ximian\Cursors\BC_SizeHor.cur
Crosshair=%WinDir%resources\Themes\Ximian\Cursors\BC_Cross.cur
IBeam=%WinDir%resources\Themes\Ximian\Cursors\BC_Select.cur
SizeNWSE=%WinDir%resources\Themes\Ximian\Cursors\BC_SizeDiag2.cur
SizeNESW=%WinDir%resources\Themes\Ximian\Cursors\BC_SizeDiag1.cur
SizeAll=%WinDir%resources\Themes\Ximian\Cursors\BC_Move.cur
UpArrow=%WinDir%resources\Themes\Ximian\Cursors\BC_Up.cur
DefaultValue=Windows default
Link=
[Control Panel\Desktop]
Wallpaper=%WinDir%Resources\Themes\Ximian\Wallpapers\14501Aqua_Blue.jpg
TileWallpaper=0
WallpaperStyle=2
Pattern=
ScreenSaveActive=0
[Control Panel\Desktop\WindowMetrics]
[Metrics]
IconMetrics=76 0 0 0 91 0 0 0 91 0 0 0 1 0 0 0 245 255 255 255 0 0 0 0 0 0 0 0 0 0 0 0 144 1 0 0 0 0 0 1 0 0 0 0 86 101 114 100 97 110 97 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
NonclientMetrics=84 1 0 0 1 0 0 0 15 0 0 0 17 0 0 0 18 0 0 0 20 0 0 0 244 255 255 255 0 0 0 0 0 0 0 0 0 0 0 0 188 2 0 0 0 0 0 1 0 0 0 0 86 101 114 100 97 110 97 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 17 0 0 0 15 0 0 0 245 255 255 255 0 0 0 0 0 0 0 0 0 0 0 0 188 2 0 0 0 0 0 1 0 0 0 0 86 101 114 100 97 110 97 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 18 0 0 0 19 0 0 0 245 255 255 255 0 0 0 0 0 0 0 0 0 0 0 0 144 1 0 0 0 0 0 1 0 0 0 0 86 101 114 100 97 110 97 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 245 255 255 255 0 0 0 0 0 0 0 0 0 0 0 0 144 1 0 0 0 0 0 1 0 0 0 0 86 101 114 100 97 110 97 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 245 255 255 255 0 0 0 0 0 0 0 0 0 0 0 0 144 1 0 0 0 0 0 1 0 0 0 0 86 101 114 100 97 110 97 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
[boot]
SCRNSAVE.EXE=
[MasterThemeSelector]
MTSM=DABJDKT
ThemeColorBPP=4
[VisualStyles]
Path=%WinDir%resources\Themes\Ximian\Ximian.msstyles
ColorStyle=XimianS
Size=NormalSize
[AppEvents\Schemes\Apps\.Default\.Default\.Current]
DefaultValue=%WinDir%media\Windows XP Ding.wav
[AppEvents\Schemes\Apps\.Default\AppGPFault\.Current]
DefaultValue=
[AppEvents\Schemes\Apps\.Default\Close\.Current]
DefaultValue=
[AppEvents\Schemes\Apps\.Default\DeviceConnect\.Current]
DefaultValue=%WinDir%media\Windows XP Hardware Insert.wav
[AppEvents\Schemes\Apps\.Default\DeviceDisconnect\.Current]
DefaultValue=%WinDir%media\Windows XP Hardware Remove.wav
[AppEvents\Schemes\Apps\.Default\DeviceFail\.Current]
DefaultValue=%WinDir%media\Windows XP Hardware Fail.wav
[AppEvents\Schemes\Apps\.Default\LowBatteryAlarm\.Current]
DefaultValue=%WinDir%media\Windows XP Battery Low.wav
[AppEvents\Schemes\Apps\.Default\MailBeep\.Current]
DefaultValue=%WinDir%media\Windows XP Notify.wav
[AppEvents\Schemes\Apps\.Default\Maximize\.Current]
DefaultValue=
[AppEvents\Schemes\Apps\.Default\MenuCommand\.Current]
DefaultValue=
[AppEvents\Schemes\Apps\.Default\MenuPopup\.Current]
DefaultValue=
[AppEvents\Schemes\Apps\.Default\Minimize\.Current]
DefaultValue=
[AppEvents\Schemes\Apps\.Default\Open\.Current]
DefaultValue=
[AppEvents\Schemes\Apps\.Default\PrintComplete\.Current]
DefaultValue=
[AppEvents\Schemes\Apps\.Default\RestoreDown\.Current]
DefaultValue=
[AppEvents\Schemes\Apps\.Default\RestoreUp\.Current]
DefaultValue=
[AppEvents\Schemes\Apps\.Default\RingIn\.Current]
DefaultValue=
[AppEvents\Schemes\Apps\.Default\Ringout\.Current]
DefaultValue=
[AppEvents\Schemes\Apps\.Default\SystemAsterisk\.Current]
DefaultValue=%WinDir%media\Windows XP Error.wav
[AppEvents\Schemes\Apps\.Default\SystemExclamation\.Current]
DefaultValue=%WinDir%media\Windows XP Exclamation.wav
[AppEvents\Schemes\Apps\.Default\SystemExit\.Current]
DefaultValue=%WinDir%media\Windows XP Shutdown.wav
[AppEvents\Schemes\Apps\.Default\SystemHand\.Current]
DefaultValue=%WinDir%media\Windows XP Critical Stop.wav
[AppEvents\Schemes\Apps\.Default\SystemNotification\.Current]
DefaultValue=%WinDir%media\Windows XP Balloon.wav
[AppEvents\Schemes\Apps\.Default\SystemQuestion\.Current]
DefaultValue=
[AppEvents\Schemes\Apps\.Default\SystemStart\.Current]
DefaultValue=%WinDir%media\Windows XP Startup.wav
[AppEvents\Schemes\Apps\.Default\SystemStartMenu\.Current]
DefaultValue=
[AppEvents\Schemes\Apps\.Default\WindowsLogoff\.Current]
DefaultValue=%WinDir%media\Windows XP Logoff Sound.wav
[AppEvents\Schemes\Apps\.Default\WindowsLogon\.Current]
DefaultValue=%WinDir%media\Windows XP Logon Sound.wav
[AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\.Current]
DefaultValue=%WinDir%media\Windows XP Recycle.wav
[AppEvents\Schemes\Apps\Explorer\Navigating\.Current]
DefaultValue=%WinDir%media\Windows XP Start.wav
#80
- The MSFN Banana
-
- Group: Patrons
- Posts: 5,767
- Joined: 17-August 01
Posted 13 September 2003 - 01:55 PM
Paul 365, on Sep 13 2003, 07:05 PM, said:
It did yes - but as that was the only difference - changing it would just make it the same file as the one miso gave us.
I think i am missing the point as i dont understand what you would gain from that.
I think i am missing the point as i dont understand what you would gain from that.
What I would gain from it is learning what hex value controls the digital signature. It appears it can be disabled completely in the file, and by learning that we can apply it to other files we want to replace too.
