UCyborg

Hm, 2FA auth only applies when logging in on the website, but if you decide to use the app exclusively, you're still back at one factor. I wanted to make use of the ability to scan the QR code on the bill for quick payment. While it went through, the app hung when returning to its main screen and couldn't do anything but force-close it. Now here's the fun part, its data got corrupted in the process. When trying to login, it gave useless "No services found on this device" message. Restoring all of its data got it back into a working state (at least until it bugs again if you try to do the above). But here's another catch, it uses Android Keystore, so restoring its data folder is not enough, there are also files in /data/misc/keystore. The relevant file names for each app that uses it start with "uid" or ".uid", where uid is the numeric user ID of each app. MiXplorer makes it easy to look them up when you open the dialog to change any file's owner or group. I had the entire data partition backed up, so restoring everything wasn't a problem. When I initiated the login procedure on the website now, the push notification didn't arrive on the phone, I had to login on the phone and only then the screen for confirming login on the website shows. I tested with another app if push notifications still worked in general. Firebase Cloud Messaging is used to send such notifications. So something was sent out, but since it crapped out, it wasn't in sync anymore, so I guess the notification never reached my device. I wanted to see if I could re-activate the app, so did the same dance as the last time, it went through and notifications from the app started working again. Guess I'll use the app just to access the bank's website. I noticed at later point that MagiskHide wasn't actually working after I got the banking app activated and put Magisk back. The app might not care about SafetyNet status anymore once activated. There's this common problem with MagiskHide that you have to re-enable it after the device boots before it actually starts working and while there's the boot script that could help (in this guide), it's still not reliable. I had that script from before and thought I found the right timing as it worked a while back, but apparently not. So the only reliable way is to do it manually after boot. One usually doesn't reboot the phone often, so it's not that much of a hassle. Think I've had enough of such adventures for a while, so I'll leave things as they are. BTW, BlueStacks doesn't pass SafetyNet checks, so it's not suitable for such apps.

The issue was fixed in 1042, but 1042 is not available in 32-bit flavor.

I went through Task Scheduler and disabled stuff that's firing on regular basis and their description didn't strike me as something that would be needed for things I expect to work to work and installed some useful software for tweaking/extending usability: Open-Shell (good old start menu, more configurable than any MS implementation and the package comes with certain tweaks for Explorer/Internet Explorer) SecureUxTheme (to be able to load unofficial themes) Aero Glass (adds transparency with blur to window frames, also more configurable than Windows 7 implementation, currently doesn't work with latest Win10 iterations) QTTabBar (tabs for Explorer with some extras) OldNewExplorer (shell extension with certain tweaks for Explorer) Link Shell Extension (displays NTFS hard links, symbolic links, directory junctions... in Explorer with overlaid icons and adds commands to work with them to context menus) 7+ Taskbar Tweaker (tweak application for taskbar) T-Clock Redux (customizable taskbar clock with extras) Regarding services, I only disabled Connected User Experiences and Telemetry and AppX Deployment Service (AppXSVC) services. I initially left the latter enabled, but it crapped out after some time when the system wasn't rebooted for weeks (endless grinding on the disk, more specifically the page file). I modified policies regarding auto-updates, turned off lock screen, re-enabled showing of crash dialog if application crashes, disabled blurring of logon screen background, OneDrive and Windows Defender. There were also some tweaks in registry there and there, I remember enabling the LastActiveClick and messing with keys at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers. Even though the limit of shell icon overlays is supposed to be 15 (relevant blog post by Raymond Chen) and I have 13 of those, the ones put there by Link Shell Extension just didn't work until I renamed them in a way that they appear first alphabetically, so they have the priority. MS actually put seven entries for OneDrive there and renamed them by adding space in the name, so they had the priority. I was unable to get Open-Shell's Classic Explorer component to display the share icon for shared files, I corrected %windir%\system32\images.dll,164 to %windir%\systemresources\imageres.dll.mun,164 in Classic Explorer settings on File pane tab (most icons were relocated since version Win10 1903), appropriately renamed ShareOverlay registry key in the previously mentioned ShellIconOverlayIdentifiers key, but it just won't budge. Additional note (later edit): So this issue is connected to too much overlays or maybe even glitches in existing registered overlays. If I get rid of OneDrive entries (or just take away permissions to read those keys), the problem disappears. If OneDrive integration matters, then I don't know what one could do to have all functionality, plus there's also other software out there that adds icon overlays. When I messed with Win10 1803 initially, I resorted to deleting OneDrive entries because Link Shell Extension's overlays didn't work. Some time later, it seemed renaming was enough, though I didn't pay attention to share overlays specifically until recently. On my laptop, I also added Windows 7's Manage Wireless Networks to Control Panel. I also add the following DLLs (these deal with older games): Modified (picture guide - OllyDbg needed) d3d8.dll from Win10 1803 (Build 17134) - they removed classic fullscreen mode from D3D8 in newer versions and the optimized fullscreen mode was only ever implemented in D3D9+ - the modified DLL is reportedly still functional on Win10 2004 - so you get back the performance, but without additional perks of optimized fullscreen mode. Some DLLs from WinXP SP3: d3drm.dll - Direct3D Retained Mode DLL - some games and demos use it, not included since Vista. dmscript.dll - because DirectMusic scripting functionality is apparently bugged since Vista. dx7vb.dll - DirectX 7 runtime for Visual Basic applications (should be registered with regsvr32) dx8vb.dll - DirectX 8 runtime for Visual Basic applications (should be registered with regsvr32) dxmasf.dll - Windows Media Source Filter, should be registered with regsvr32, original file is a stub, has dependencies: drmclien.dll - DRM Client DLL strmdll.dll - Windows Media Services Streamer Dll - this DLL won't run out-of-the-box since Windows 10 1809 because they removed support for IOCTL_TCP_QUERY_INFORMATION_EX and the DLL doesn't handle it gracefully. There's a patched version available on VOGONS, there could be issues if some application out there that uses the DLL in certain way makes said feature a requirement. However, older DLL from older DirectX package, (probably best to take the other 2 as well) doesn't have this dependency. I don't remember which DirectX package has the newest version that doesn't have said dependency. So that more or less sums it up. I ended up on Win10 mostly because there's always something that doesn't work right regardless of what OS I use. The biggest improvement for me was memory management. I found older versions to be very aggressive when it came to paging out to disk. I would run something that consumes a bit more of memory, say 800 MB or more, then things would get swapped out and when I finished, disk would start grinding because lots of data has to be loaded back in memory, the running application would take a while to close and the whole computer to "snap out of it". Audio playing in the background is easily interrupted on Win7 by something going exclusive fullscreen, switching away from that fullscreen application, resolution switches are slower, more screen flashing in general with such transitions. Win10 is snappier in these scenarios, though it looks like Win10 specific GPU drivers are needed for the biggest effect in reducing screen flashes. So it is possible for second screen to not flash when something changes on the first. I also noticed an oddity on Win7 that happens with enabled HRTF in Creative Sound Blaster X-Fi MB3 software (Surround checkbox) that would result in Windows' navigation start sound (it's disabled by default) to be inaudible for some reason. Not an issue on Win10. Console windows also behave better, finally they can be normally resized. In Win7, a bizarre bug appeared that causes 8x12 raster font to just disappear from available options if user isn't in session #1 (it increases each time you logon since boot) and system locale is set to Slovenian (possibly other languages as well). That's also fixed. My experiences above with Win7 apply to Win8.x as well. Clipboard history and scrolling inactive windows options, which technically just sends mouse wheel events to window under mouse cursor, not window with keyboard focus, are also good additions. At least something for which 3rd party application isn't a must anymore. It took some tinkering, lots of things could still be improved, it definitely makes least sense UI wise out-of-the-box of all Windows releases, but so far, it works well enough that I don't have the itch to switch the OS. Currently on version 1909.

Then perhaps the policy described here might be the best in the sense that it's exposed in gpedit.msc, so should be officially supported.

I don't have 2004 anywhere, but on 1809 and 1909, I only have policies (gpedit.msc) Configure Automatic Updates set to Disabled and Turn off the offer to update to the latest version of Windows set to Enabled. The latter probably doesn't matter since I never open the store, used it maybe a time or two to install some extensions in the old EdgeHTML version of Microsoft Edge. I don't get bothered with updates, just the 1809 version is showing an icon in notification area that I'm missing important updates. I also had an opportunity to try setting the registry setting that is added by the first policy on Windows 10 Home (also 1809) - create key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU (create missing keys along the way as needed) - add DWORD NoAutoUpdate and set it to 1 - it seems to work.

Blocking JavaScript from adobetm.com makes the login page display.

The first link I posted up there is supposed to point to the last ad-free version. I also noticed the current version 1.7.21289 was released two times, first on 10th September, second on 15th September, at least those dates are last modification dates of installers and also PotPlayer.dll (the core DLL of the player) inside. The DLLs differ, but they have the same version number.

Older versions should be obtainable via link constructed like: http://t1.daumcdn.net/potplayer/PotPlayer/Version/YYYYMMDD_x.y.z/PotPlayerSetup.exe Where YYYYMMDD is the build date and x.y.z is the version number. Just wanted to point out I could not download the version right before the latest one from their server this way. I could get two versions from the year 2019 this way: http://t1.daumcdn.net/potplayer/PotPlayer/Version/20190610_1.7.18958/PotPlayerSetup.exe http://t1.daumcdn.net/potplayer/PotPlayer/Version/20191031_1.7.20977/PotPlayerSetup.exe

I presume you've already tried restarting Windows Management Instrumentation service? That's the only thing I can think of.

There's more broken stuff with SELinux enabled, can't browse the web (nothing shows where the content is supposed to be), the phone doesn't ring... SELinux must be properly configured by ROM author so enforcing mode doesn't block normal functions. Looks like those settings are baked somewhere in the boot image during compilation time. I flashed Magisk patched boot image back and put SELinux back in permissive mode. I can still login to bank website!

Aero Peek depends on desktop composition, the other two are independent. Disabling Themes service breaks the ability to switch themes on the fly, it'll only be done partially if you try to change it. Simpler things will go through, but if new theme uses another resource file, that won't be loaded.

They didn't ban my phone after all. I did some modifications: Flashed default LineageOS 14.1 boot image, previously used Magisk patched image, so no more root access in the OS. Full root access is still available in recovery mode. Matched prop ro.bootimage.build.fingerprint with ro.build.fingerprint in /system/build.prop file. Newer Android versions complain about the device having internal error after boot if they don't match. I already took care of other sensitive props before that. ro.build.fingerprint must also match one of the certified devices' fingerprints, though the person that ported LineageOS to Xperia E3 already took care of that. Added a boot script that does "setenforce enforcing". This puts SELinux in enforcing mode. The default on this port is permissive mode. SafetyNet fails if it detects permissive mode. After doing this, SafetyNet check actually passed! And the troublesome app...activated without a hitch. But now the camera doesn't work. Any app that tries to use it hangs. It's a known issue with this LineageOS port not working 100% correctly with SELinux in enforcing mode. Hopefully future build comes that addresses it. Camera was an issue with custom ROMs for this phone from the very beginning, it started with the lack of driver support from Sony for newer Android versions. So what the heck helped? My bet is that the main issue was permissive SELinux. And how to safely test without locking oneself out? If it always talks to the server first before panicking, then the only safe offline test is not possible. If the server is tripped, restoring backup copy of app data wouldn't help. There is the small chance that more checks are in place only during activation process.

So I was checking out this other bank and their procedure to log onto their online services is even more convoluted. And looking at other banks' offerings...the more, I look, the less I'm sure where to go from here. I forgot to mention, there is some extra glitch with Magisk on my device; Magisk normally checks the ro.build.tags prop and sets it to release-keys if it was set dev-keys or test-keys, custom ROMs have it set to one of the latter two. It's written in /system/build.prop file that is generated during build process, which may be modified with rw access to /system. The glitch is when Magisk modifies it during runtime, getprop utility returns the updated value, but a programmatic check through Java still returns the old value unless you modify build.prop file directly. I don't know whether that app checked build tags first or the presence of busybox binary, which, BTW, is actually present on certain official ROMs! I just identified the relevant blocks of code by taking its APK file apart with APKTool. It looks like root checks span across both Java code and one of the bundled native libraries. So the things that I identified are successfully hidden on my phone, at least undetectable by Native Root Checker and RootBeer Sample apps. I also tried registering with the previous version of the banking app, which, in logcat, specifically mentions "negative root check", but no luck, log indicates their server returned some error code. Of course, they could be blocking older versions. Back to the current version, I also tried changing my device's fingerprint, didn't help neither. The thing about blocking my phone's serial number is pure speculation on my part, but this could be it as part of its code does read it. I figured the serial number is passed to the Linux kernel via androidboot.serialno=xxx paramater by device's bootloader. There's also possibility that some hole still exists through which root may be detected. One such hole is known, but can be avoided by using Magisk fork with modules functionality stripped, which I ended up installing, though I haven't found that it's actually used by the app. I guess they could also block the numeric ID they give to their customers to activate the app, but then even using different phone wouldn't make a difference... I also messed around with various versions of Android-x86 on my laptop. It has its own quirks. Good to know ART cache (Dalvik cache in older versions, but still residing in /data/dalvik-cache in newer versions) wasting a lot of space is the problem of Android 7.x in general. I haven't been able to pass SafetyNet test on it, not even the basic one, so there goes the idea of using PC port of Android for that stupid app. Not much positive is written about passing SafetyNet on Android-x86 AFAIK, just some guy hinting using his Magisk module safetypatcher supposedly helps, which just changes phone's fingerprint in a different way during runtime. But since changing the fingerprint directly in build.prop isn't evidently a problem, since I could do it on my phone and still pass the check and the author of MagiskHide Props module, which also changes the fingerprint, says it won't help if one is unable to pass even the basic check, that's just another dead end. Finally, removing Magisk on my phone = SafetyNet check not passing due to custom ROM Downgrading to latest official ROM (Android 4.4.4) = inability to run the banking app at all since Android 5+ is required

https://devblogs.microsoft.com/oldnewthing/20130327-00/?p=4833 Enable desktop composition is no longer an option to disable, which would result in a radical change how the desktop and windows are rendered, which is why you saw what you saw on Windows 7. So it's mostly about subjective perception whether you like the things listed there or not. Obviously windows will still (dis)appear faster if their animation is disabled, but those animations shouldn't bog your computer down if left enabled.

GUI just calls regsvr32 to do (un)registration. OldNewExplorer won't mess up Windows like that, we'd see a lot of panic in this thread otherwise. Something else is going on on your PC.

This looks like a NVIDIA Optimus laptop and Optimus only works on Windows 7+. Older switchable-graphics solutions are implemented differently, on both hardware and software front, see here.

It wouldn't make sense because MEMORYSTATUSEX struct isn't backwards compatible with MEMORYSTATUS. The former uses 64-bit integers for most variables, the latter 32-bit. Your game works with the mentioned hack because it's picking up on garbage data because the memory for MEMORYSTATUSEX wasn't zeroed before the call. There's no reason to zero it because it's expected to be fully filled by GlobalMemoryStatusEx and none of the values in the struct besides the member representing the size of the struct are input values.

Figured it might come to that, I noticed the comment about unauthorized distribution in one of the files shortly after I uploaded it. It doesn't look like much more than an user agent spoofer for facebook.com. Let's see what happens when they go YouTube route...

It's also necessary to have Show all settings enabled in Open-Shell for Use Categories view checkbox to show up. BTW, you didn't link the article you mentioned about those registry settings.

The author would have to pack the extension separately for old Chrome versions and distribute that version outside of Chrome Store because CRX_VERSION_NUMBER_INVALID. Edit: file removed

Touch functionality was already implemented in older versions, they just use load-time linking instead of run-time linking to those functions now because they're guaranteed to be available on Windows 7+.

May I suggest K-9 Mail? You still have to enter SMTP settings for each account, but it shouldn't complain if the same SMTP server is used with multiple accounts.

It does, but elements specific to newer OS are ignored. Which is a thing since XP. Applications have to require this version via manifest if they want it, which is located only somewhere in WinSxS folder, otherwise, they get v5.82, which is located in System32 folder. v6 supports new theming features of XP.

Is it just me, or do they often change something on YouTube, preventing older versions of PotPlayer from accessing the videos?