Workaround for signed cab files on PPC 2003
History question of the day: Why can't PPC 2003 load signed cabs?
Two cab installers?
Set the wayback machine to pre-2001. We forked the Pocket PC codebase and started work on the first Smartphone release. Several components were rewritten or created from scratch because of the design requirements of the platform, including one handed navigation, a phone-first experience, no touch screen, and a more comprehensive security model. One of those components was the CAB installer (WCEload). For Smartphone, CAB files contained a _setup.xml file which fed into our XML-based configuration format and also could be Authenticode signed to integrate with our new security model. So we now had two versions of wceload.exe. We've been working on bringing the platforms closer into alignment since then and one example of that is the unified installer in WM5 - it's the same on both platforms now. Because the Smartphone CAB format provided much more power and flexibility, the unified WM5.0 installer uses that format. CAB format, signature checking, _setup.xml, and all.
Why don’t they work on PPC 2003?
So why won't PPC 2003 install the signed CABs? Well, when you sign a CAB, it adds the signature to the normal data in the CAB. There's a length marker in the cab which contains the total size of the files inside the CAB. When the file is signed, the size of the files inside the CAB and the length marker don't change, but the size of the CAB itself gets larger. (because the signature data is now attached to it) The loader on PPC 2003 wasn't expecting signed CABs, so it compares that length marker to the file size of the CAB, sees that they're different, and throws out the file.
Workaround!
When we were working on WM 5.0, we added some code to ActiveSync that will make a CAB look unsigned if it’s deploying via the application manager to a 2003 (or earlier) PPC device. But this doesn’t fix the problem for users that haven’t yet upgraded, or are installing signed cabs via the browser or storage cards. I have received some requests to describe the method that ActiveSync uses to make the CAB unsigned. There is a KB article in the works that describes the process of "unsigning" CAB files, but in short it works like this. The third DWORD in the CABfile is the cbCabinet member of the header. On a signed CAB, that size is smaller than the actual size of the file. To make the CAB look unsigned again, just change that DWORD to contain the actual size of the file. The CAB header is fully documented in the CAB SDK which is downloadable on microsoft.com.When the KB article goes live, I'll link it from this entry.
Hope this helps or entertains you,
Scott
edit 4/26: Fixed the wacky fonts. Sorry about that.
Comments
Anonymous
April 25, 2006
Apologies for side tracking from the orignal post, but can any provide details on how to disable the remember password option in Pocket Outlook?Anonymous
April 25, 2006
After my morning coffee I sat down to read through what people have been saying while I was asleep last...Anonymous
April 25, 2006
@gazer:
Here's what I don't get. You KNOW...you KNOW that your comment is way off topic and totally irrelevant and could probably be easily answered by google, and yet you comment anyway. "Sorry for doing something that's completely ridiculous, but where can I buy some size 3 clown shoes?"
@scyost: Sounds awesome! Looking forward to it!Anonymous
April 25, 2006
James,
I don't think asking security related question impacting Pocket Outlook in WM is completely out of context, after all it is the WM blog. I am not aware of any API or workaround to cater for this simple but obvious security requirement, hence the posting.
Finally didn't you search google for the clown shoes ?Anonymous
April 25, 2006
Well, if fixing the size (incorrectly) works in all cases, and provides a solution that is backwards compatible, why do the software tools not do that automatically?Anonymous
April 25, 2006
Scott,
Thanks so much for this detailed response to my thoroughly unprofessional rant (here, if anyone cares to read: http://blogs.msdn.com/windowsmobile/archive/2005/12/17/security_model_faq.aspx)
This has really cleared things up for me and, althought it's not a nice situation, at least it's explicable.
Question: In PPC2003SE (and possibly earlier versions) there is a wceloadsp.exe, which I assume is a smartphone-type of wceload. CPF files (which use _setup.xml) are associated with this and CAB files are associated with the original wceload.exe. What do you think would happen if I took my signed CAB file, renamed it to CPF and ran it on the device? Theoretically, that version of wceload would understand it, load it and work ok, even though the native wceload would spit out the same CAB.
I think I might have to dig out a device and try this...
Once again, thanks for the info,
DaernAnonymous
April 26, 2006
is there any documentation on how CE/PPC/SP use the abReserve block in the CAB Header? It looks as if it is basically:
typedef struct _CAB_SIGNINFO
{
WORD ???;
WORD ???; //maybe cert count? version number?
DWORD coffWIN_CERTIFICATE;
DWORD cbCertBlock
} CAB_SIGNINFO, *PCAB_SIGNINFO;
but it would be nice to see some official doc/confirmation.Anonymous
April 26, 2006
Mike, I'm not sure I understand the question. Changing the header in this manner invalidates the signature on the CAB, so it's really only useful for the downlevel Pocket PC devices.Anonymous
April 27, 2006
 
Software / Hardware 
ActiveSync 4.2 Beta Preview has been released
SlingPlayer Mobile...Anonymous
April 27, 2006
Hmm...this brings up a cunning idea which I think is worth the experimentation (I'm working on this myself).
Applying this change after signing the CAB invalidates the signature, but if the size of the signature being appended to the file can be predicted before signing, then this opens one of two possibilities:
1) Manually adjust the size in the header to match the size after signing, THEN sign the file.
2) If option 1 works, then option 2 would be to adjust the CAB creation tools to reserve space in the file for the signature (already mentioned in the CAB SDK, but unavailable as an option when building WM CABs).
That would be a whole lot easier than fiddling with the CAB header at install time (which would still depend on being able to detect OS version accurately at all times, a separate and equally "fun" issue)Anonymous
May 01, 2006
The comment has been removedAnonymous
May 01, 2006
I wrote a pocket pc program in VB 2003. But I have to deploy it to wm2005. I built the cab file and put it my device. It will have a message saying that it is a unknown publisher. How can I disable this message?Anonymous
May 02, 2006
Kieren / Daern - I really don't think there's a way to slide a signed cab through the check in the '03 installer. But if you find one I'd love to hear about it.
Matthew: I've never heard of this issue before. If you have any more information, please e-mail me.Anonymous
May 02, 2006
"I wrote a pocket pc program in VB 2003. But I have to deploy it to wm2005. I built the cab file and put it my device. It will have a message saying that it is a unknown publisher. How can I disable this message?"
Alex, you will have to sign your CAB file (and, indeed, the EXE within it) against the Mobile 2 Market program. More info here:
http://msdn.microsoft.com/mobility/windowsmobile/partners/mobile2market/default.aspx
In short, you'll have to pay an amount of money to either Verisign or Geotrust to do this.
DaernAnonymous
May 02, 2006
Scott: I don't have good details to give you at the moment. I'd have to try out a few handhelds to get a list of those affected. I have seen it, but not recently. I'll give some details when I have a chance to reproduce and document, but right now I'm busy getting things wrapped up before MEDC.Anonymous
November 22, 2006
Is this the same reason signed cab files will work on WM5 and not on CE 5.0?Anonymous
October 24, 2008
Scott, Has the KB article been published for this issue? Thanks