uxtheme.dl_ hacked !


Just heard from a source that the process to add your own hacked files into a compressed cab file (EX_, DL_ and such) and getting past the digital signature protection can be done using the CAB SDK from Microsoft. More info soon!

Edit: hmm, the only page I could find: http://msdn.microsoft.com/library/default..../html/cabdl.asp I'll be surprised if an app from 1997 works for creating CAB files for XP


I haven't got the UXTheme.dll to work yet, my last attempt failed at the GUI with an internal structure error. Also I am tired of erasing and then burning to CDR-W. I'm gonna get Virtual PC and then start again.

@AaronXP: I guess the way to find out is to compress the DLL with Cabpack and see if the installer accepts it. I will give this a go later today after I get VPC.


I am a little confused here. Setup does notice that the UXTHEME.DL_ and SFC_OS.DL_ are "incorrect", and reports so in the setuperr.log. This in itself does not seem to cause any errors ( ... on my system ... ). Does replacing a file with an "incorrect", yet working version generally cause an error, or stop setup? Otherwise, isn't there an OEM setting to allow OEM files to overwrite windows system files? Is the issue really with the compressor: why would CabPack be any better than MS's CabArc? Thanks for any light you can shed on this.


I have a tip for you guys that want to add the hacked uxtheme.dll to an installed XP at least.

This might have been discussed here but I am posting this anyhow.

1. unpack the zip file. you'll get a uxtheme.dl_

2. expand the uxtheme.dl_ using expand uxtheme.dl_ uxtheme.dll

3. copy uxtheme.dll to c:\

4. reboot into failsafe with command prompt

5. cd %windir%\system32\

6. rename uxtheme.dll uxtheme.dll.old

7. cd\

8. copy uxtheme.dll %windir%\system32\uxtheme.dll

9. reboot back into regular XP

All done.

I have used this method on 3 workstations and they all had file protection still enabled. I LOVE THIS hacked version of uxtheme.dll. :)


Here's the setuperr.log I got when I used the hacked UXTHEME.DL_ and Metapad compressed into NOTEPAD.EX_:

Error:
D:\i386\NOTEPAD.EX_ was not copied to C:\WINDOWS\NOTEPAD.EXE because of the following error:
No signature was present in the subject.


***

Error:
Setup detected that the system file named [c:\windows\system32\uxtheme.dll] is not signed properly
by Microsoft.  This file could not be restored to the correct Microsoft version.
Use the SFC utility to verify the integrity of the file.

***

Still works fine though, Setup did not abort or show any screens to say one of the files failed to copy. Even if it did, it may have automatically proceeded. Notepad isn't present in the Windows or dllcache folder but it's in System32.

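One way to triage the setuperr.log entries quoted above for signature failures, as an added example that is not part of the original post. The function name, the finding labels and the third log entry are assumptions made for illustration, and only the two message wordings shown in the post are recognised.

```python
import re

# Constructed sample: the first two entries are copied from the setuperr.log
# in the post above; the third is a made-up placeholder that must be skipped.
SAMPLE_LOG = r"""Error:
D:\i386\NOTEPAD.EX_ was not copied to C:\WINDOWS\NOTEPAD.EXE because of the following error:
No signature was present in the subject.


***

Error:
Setup detected that the system file named [c:\windows\system32\uxtheme.dll] is not signed properly
by Microsoft.  This file could not be restored to the correct Microsoft version.
Use the SFC utility to verify the integrity of the file.

***

Error:
(constructed placeholder entry with unrelated wording)

***
"""

SEPARATOR = re.compile(r"^\s*\*{3}\s*$", re.MULTILINE)  # entries end with "***"
NOT_COPIED = re.compile(
    r"^(?P<src>.+?) was not copied to (?P<dst>.+?) "
    r"because of the following error: (?P<reason>.+)$")
BAD_SIGNATURE = re.compile(
    r"system file named \[(?P<path>[^\]]+)\] is not signed properly by Microsoft")


def parse_setuperr(text):
    """Return one dict per log entry that reports a signature problem."""
    findings = []
    for raw in SEPARATOR.split(text):
        entry = " ".join(raw.split())  # fold wrapped lines into one line
        if entry.startswith("Error:"):
            entry = entry[len("Error:"):].strip()
        copied = NOT_COPIED.match(entry)
        signed = BAD_SIGNATURE.search(entry)
        if copied and "signature" in copied["reason"].lower():
            # Setup refused to copy an unsigned file from the install source.
            findings.append({"kind": "unsigned_source",
                             "file": copied["dst"].lower(),
                             "source": copied["src"]})
        elif signed:
            # An improperly signed system file is present on the installed system.
            findings.append({"kind": "bad_signature_installed",
                             "file": signed["path"].lower()})
    return findings
```

Paths are lower-cased so that findings can be matched against a file inventory regardless of how Setup wrote the case.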

You are right, it seems miso1931's hacked UXTHEME.DL_ was made using LZX compression at a value of 21, and the byte size matches my created UXTHEME.DL_ (using cabpack) with miso1931's.

Further tests show that compressing UXTheme.dll with Windows XP's built-in makecab utility will cause setup to halt. Also, I'm testing the modified notepad.exe with LZX compression, to see if it actually copies to three different folders rather than one (not important, but willing to see the difference :) )

Edit: no difference on notepad.exe whether it's compressed with Windows XP's Makecab or Cabpack's LZX compression.

I've noticed that miso1931's uxtheme.dll md5 sum is different to a hacked copy that I've had since SP1 came out, even though they carry the same byte size. The answer lies in that file rather than the compression used.


It does have a different md5, but I did a BC of it the other day and it is only 2 bytes that are different. Hardly a lot but who knows....

Edit - Unless that little change causes it to match the sig or md5 of the correct file.... Is that even possible?


That's what I did, using Beyond Compare.

Did it tell you what value was changed at what offset? I would like to try hex-editing vorte[x]'s hacked uxtheme.dll file to force Setup to allow this to go through.
