My Browser Builds (Part 4)

[UCyborg]

The scan of the latest version obtained through its update function

In any case, it does what it's supposed to, but the .exe indeed imports many functions, supposedly it uses some closed library for what it does and it uses some Windows' crypto store to store the data. It generates same codes as KeePass with default settings for TOTP, there's no extra configurable parameters and it seems you can't see the secret key anymore after you've stored it, which is mentioned in the FAQ. I don't have experience backing up the data that are in that Windows' crypto thingy, haven't needed to so far, looks to be very similar to Chrome which ties some profile data to the Windows user account, so normally not transferable.

I guess it's up to the reader to decide.

Edited August 22, 2023 by UCyborg

[VistaLover]

1 hour ago, UCyborg said:

The scan of the latest version obtained through its update function

... FWIW, that would be v1.1.4 (file version 1.1.4.2) from 2017:

Quote

MOS Authenticator Change Log

Change for version 1.1.4:

·         Fix issue with changes into or out of Daylight Saving time.

Change for version 1.1.3:

·         Minor behind-the-scenes updates.  No new features.

Direct link to the updated binary is:

https://www.maxoutput.com/updates/authenticator/Authenticator.zbin

The "*.zbin" archive can be manually extracted (to the "*.exe") with a tool like UniExtract2 (both 7-zip/WinRar were unable to ) ...

1 hour ago, UCyborg said:

I guess it's up to the reader to decide.

6/70 is certainly a better score than the 36/70 the older version 1.1.2 generates; however, my own AV is one of the 6 vendors that flag this, so I'm not decided myself 100% ... That being said, I sense the thread has been slightly off-tracked already; more suitable in software-for-XP+ and/or AV-specific subforums probably ...

[roytam1]

On 8/20/2023 at 2:14 AM, ClassicNick said:

Correction: roytam1 uses the Visual C++ 2017 toolchain. The last version of Firefox that was able to officially compile on Visual C++ 2010 was 36.0.4, however, I have only managed to compile up to Firefox 35.0.1 on Windows XP SP3. BTW, I have a local build of Firefox 30.0 that I compiled using Visual C++ 2008 SP1, although I did use the --disable-ion configure flag due to a crash in mozjs.dll, which removes jit support. My eventual goal is to get New Moon 27.9.4+ and Arctic-Fox 42.0 targeting Windows 2000 and XP RTM/SP1. In my testing on Windows XP, I get an error stating the program cannot start because the application configuration is incorrect. Apparently Visual C++ 2008 can target Windows 2000, but restricts Windows XP compatibility to SP2. @roytam1 Do I need to use Visual C++ 2005 SP1 for Windows XP and XP SP1 support?

if you want 2000/XP RTM/SP1 support officially, you'll need VC2005. IIRC there're some hacks to make newer runtimes to support them.

 

On 8/20/2023 at 11:31 PM, UCyborg said:

Got a mail from GitHub that they'll enforce 2FA by the end of September.

got such mail today and 2FA will be forced enable in 6 Oct here.

[roytam1]

23 hours ago, UCyborg said:

The scan of the latest version obtained through its update function

In any case, it does what it's supposed to, but the .exe indeed imports many functions, supposedly it uses some closed library for what it does and it uses some Windows' crypto store to store the data. It generates same codes as KeePass with default settings for TOTP, there's no extra configurable parameters and it seems you can't see the secret key anymore after you've stored it, which is mentioned in the FAQ. I don't have experience backing up the data that are in that Windows' crypto thingy, haven't needed to so far, looks to be very similar to Chrome which ties some profile data to the Windows user account, so normally not transferable.

I guess it's up to the reader to decide.

Off-topic:

BTW if you need TOTP keygen/authenticator, you can have one written in client-side javascript:

https://github.com/jaden/totp-generator

(for Goanna3 support you'll need to deploy https://github.com/jaden/totp-generator/tree/41eb51fc70dd04f631509f27f28e227b2e00bff3 in your own webserver instead)

Edited August 23, 2023 by roytam1

[j7n]

It never occurred to me to check the program with an anti-virus because it passed a smell test. I've been having this program since 2016 (1.1.2) and used sporadically. It wants to download updated versions of itself and is probably classed as a downloader because it this. You could block its internet access. I like that it is a Delphi program and thus doesn't require big frameworks.

[RamonUn]

Another TOTP generator in 20 lines of python, code is quite easy to review for yourself.

https://github.com/susam/mintotp

I have to try on some random GitHub account to see what works for me before applying to my main account.

[feodor2]

@RamonUn did you try already?

I see you discuss the new github rule, but it was long before two password system there. They wont let me login untill i go to  the email and take and enter the second password. And now they want us to use dedicated software program for this, what them displeased with email?

So if it not possible to use it without the phone i shall drop it, because i never give it to such an evil companies, .

[RamonUn]

@feodor2

I do confirm I am able to use 2FA with GitHub without giving them my phone number!

You can click on Settings->Password And Authentication, then click the *enable 2FA button*, you will see a three step process were you first must get a key from GitHub, it will show a QR-code but you can actually click to see the code, then you can save the code (16 characters long) to a text file then use the python script or another program (MOS Authenticator also works fine) to generate a temporary key from the master key GitHub gave you.. Your clock must be accurately synced with real time (a few seconds off max). because the generated code will change every 30 seconds.

 

I tried this on two different account and it worked fine. Of course maybe it is different in different countries.

I would suggest anyway to try on a test account that you can delete later, just in case something goes wrong. This is what I did.

I am not sure if this will remove the random extra e-mail confirmation, but maybe not. I will have to see this over the next few days or weeks.

I hope it will work for you as it would simplify your life.

[UCyborg]

On 8/23/2023 at 1:35 AM, roytam1 said:

got such mail today and 2FA will be forced enable in 6 Oct here.

28. September here. Interesting my deadline is sooner despite there hardly being any activity on my account.

BTW, generating these codes works from KeePass 2.53.1 on Windows 98, the last version that launches on that OS.

[DanR20]

Testing out today's new 45.0 version the mp4 codecs on youtube don't seem to be working right. At least the sound, the video is coming in but the sound is static. These are the codecs I'm using and were good in the April version:

avcodec-lav-57.dll
avresample-lav-3.dll
avutil-lav-55.dll

The solution for now is to disable mp4 and use ogg/webm vp9.

[mina7601]

1 hour ago, DanR20 said:

Testing out today's new 45.0 version the mp4 codecs on youtube don't seem to be working right. At least the sound, the video is coming in but the sound is static. These are the codecs I'm using and were good in the April version:

avcodec-lav-57.dll
avresample-lav-3.dll
avutil-lav-55.dll

The solution for now is to disable mp4 and use ogg/webm vp9.

Hello, which build of Firefox 45 ESR did you use? IA32 build or SSE build?

[DanR20]

5 minutes ago, mina7601 said:

Hello, which build of Firefox 45 ESR did you use? IA32 build or SSE build?

The SSE build, I didn't try the IA32 one.

Are you experiencing it?

[mina7601]

18 hours ago, DanR20 said:

The SSE build, I didn't try the IA32 one.

Are you experiencing it?

I actually have never used Firefox 45 ESR, my main browsers have always been St52 & St55 (both browsers serve me well), but I did a test in Firefox 45 ESR (IA32 build & SSE build as well), just for you.

Now, for your question: No, I am not experiencing it. Tested on both XP and 7 VMs. And yes, I am testing on the latest Firefox 45 ESR version, both IA32 & SSE builds, version 2023-08-26. Edit: Disregard this report, it's wrong. It's because I was lacking the codecs that are provided below my post.

Actually, where did you get these codecs from? And do I also put them in Firefox 45 ESR's folder?

Edited August 26, 2023 by mina7601
Disregard what I reported.

[DanR20]

1 hour ago, mina7601 said:

Actually, where did you get these codecs from? And do I also put them in Firefox 45 ESR's folder?

If the codecs aren't there it's probably using webm vp9. I've tried with a fresh profile and it's the same result, the audio is distorted.

You can get the codecs on the first page of this thread, Roy's got  several links depending on the browser. This is the link to the ones I've been using with 45.0:

https://o.rthost.win/palemoon/lav.7z

You put the three files on the root firefox folder where firefox.exe is. You would also need to make sure "media.ogg.enabled" and "media.webm.enabled" are false while "media.mp4.enabled" is true.

 

Edited August 25, 2023 by DanR20

[mina7601]

44 minutes ago, DanR20 said:

You can get the codecs on the first page of this thread, Roy's got several links depending on the browser. This is the link to the ones I've been using with 45.0:

https://o.rthost.win/palemoon/lav.7z

You put the three files on the root firefox folder where firefox.exe is. You would also need need to make sure "media.ogg.enabled" and "media.webm.enabled" are false while "media.mp4.enabled" is true.

Thanks for this, wasn't aware of it, sorry. Yeah, I now tested it again on Firefox 45 ESR after putting the 3 files in its root folder, and setting the settings you mentioned, and wow.... indeed a very ugly sound distortion unfortunately appears. Happens on both IA32 & SSE builds.

Edited August 25, 2023 by mina7601