
Activex help

Discussion in 'Software Development' started by djrock, Sep 27, 2008.

Thread Status:
Not open for further replies.
  1. djrock

    djrock Thread Starter

    Joined:
    May 20, 2003
    Messages:
    307
    Hello, I have an activex cab file and want to know how to read the files within. Turn the gobbledygook inside the files into readable programming commands.


    Thank you

    djrock
     
  2. jdean

    jdean

    Joined:
    Jan 20, 2002
    Messages:
    433
    A cab file contains one or more compressed files (it's like a zip file). When you say "activex cab file", do you mean a cab file that contains activex files?

    In the Windows Explorer, you should be able to double click on a cab file and see the contents. If the files are activex files, then they will indeed look like "gobbledygook" because they are binary executables.

    Just what is it that you're trying/expecting to do?
     
  3. djrock

    djrock Thread Starter

    Joined:
    May 20, 2003
    Messages:
    307
    I am trying to see if the activex is doing the authentication and if so is it easy to bypass.

    I am helping a friend out who’s in the security trade. He has not done a lot of setting DVRs to be accessed from the web. While helping him I have noticed some flaws, e.g. JavaScript checking the username and password field is not blank. This is fine except it gives you the link to the html page to view the images except it brings up username or password not correct.

    Now I am trying to work out if it's doing client side authentication (checking the username and password) using the activex.

    Thank you

    djrock
     
  4. jdean

    jdean

    Joined:
    Jan 20, 2002
    Messages:
    433
    There isn't any good way to determine just what the ActiveX control is doing.

    I've already gotten in trouble once today with CookieGal for helping out with a question related to bypassing security, so there's not much more I can say here. The reason given by the TechGuys is that there is no way to determine if a request to bypass security is legitimate. Your request is essentially "how can i determine if there's a way to bypass security" and you should be able to see why this poses a problem.
     
  5. djrock

    djrock Thread Starter

    Joined:
    May 20, 2003
    Messages:
    307
    I just realised that I could be someone wanting to break into something I don’t have permission to. So I agree.

    OK, if the activex is doing the authentication, which would mean it's client side scripting, how easy would it be to bypass? 1 being easy to 10 being extremely hard.
     
  6. jdean

    jdean

    Joined:
    Jan 20, 2002
    Messages:
    433
    If a bank has a safe door made of 10 inch thick steel, how easy is it to break in? Well, getting through the steel would be difficult but there's not enough information here about the bank to answer the real question.

    Performing a security assessment is hard to do without access to the web site and the ActiveX control. I suggest that you find a security professional (or a good hacker ;-) for a realistic assessment.
     
  7. djrock

    djrock Thread Starter

    Joined:
    May 20, 2003
    Messages:
    307
    If you can decompile the file that handles the login check, change the part for the login so it does not matter what’s entered, it's always correct.

    Recompile it and replace the unmodified activex cab installed in Internet Explorer with one with the modified file.

    Would that work??

    I have decompiled one of the DLLs and there is a part that mentions login. Which confirms it a bit more it does handle the login. I have made programs before in C++, Java, .NET but never done any sort of decompiling. I concentrate on the hardware side of computing.

    If you don't install the activex the login does not work. You just get stuck at the login page.

    I think I will phone the company who makes the dvr and see what they have to say. But I want to know myself because they might know that and not be 100% truthful about it.

    I know that client side scripting really should not be used for checking login details since it can be bypassed very easily.

    I can pm you the activex cab file if you want to look at the files within?

    Thank you

    djrock
     
  8. jdean

    jdean

    Joined:
    Jan 20, 2002
    Messages:
    433
    Sorry but I'll pass. This conversation is falling into the area of "Category I Offenses" (Circumventing Copy Protection) for TechGuys : http://www.techguy.org/rules.html
     
  9. djrock

    djrock Thread Starter

    Joined:
    May 20, 2003
    Messages:
    307
    Hello, but I am not trying to circumvent copy protection. When I said “I can pm you the activex cab file if you want to look at the files within?”

    I did not expect you to hack the file(s) for me or tell me how to. All I wanted you to do, if you wanted to, is to look at them and give me an idea if it was easy or hard to bypass.

    e.g. Easy

    Download program x find part 4 change line 6



    Very Hard

    A good bit of experience in working with decompiled code.


    CCTV cams can be used for all sorts of stuff. From keeping an eye on your property to watching the kids are ok when in the swimming pool. You don’t want the dvr’s security to be easily bypassed!! Especially if it's used to keep an eye on your kids. There’s a lot of sick people about!!

    If I 100% knew the login check is done on the client side in the activex and depending on your knowledge how easy it was to bypass. I can go back to the company and say I know it's client side and with x knowledge can be bypassed. This is not good enough!!!

    Thank you

    djrock
     
  10. jdean

    jdean

    Joined:
    Jan 20, 2002
    Messages:
    433
    Don't want to leave you hanging here so I'm writing to let you know that I can't do any more than I've already done. Consider getting a security pro or a hacker to help you with your analysis.
    Good luck!
     
  11. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,978
    Looks like it's time to close this now. This is not an area that we should get involved in.
     

Short URL to this thread: https://techguy.org/753965
