August 22nd 18, 10:50 PM posted to alt.comp.os.windows-10
Paul[_32_]
Did it install correctly?

micky wrote:

Create the folder C:\Program Files (x86)\XHorse Electronics\MVCI Driver for Toyota TIS
Open the file MVCI Driver for TOYOTA.msi with 7zip and extract to the folder you created.
Browse to the folder with Windows Explorer.
Right click on the file ftdiport.inf and select install.
Right click on the file ftdibus.inf and select install.


I got a copy of the file.

A scan on VirusTotal revealed the firmware updater EXE is
protected with Themida. This thread shows what happens. Themida
doesn't have a back door so the AV companies can scan the plaintext.

https://www.wilderssecurity.com/thre...hemida.184840/

The installer is basically installing an FTDI USB-to-serial-port
adapter. The serial chip is a 28 pin SSOP FT232RL. That leaves
one quad chip on the other side of the dongle, which is the
intelligence.

The VCI stands for "Virtual Communication Interface", and FTDI
allows assigning a COM number to an FTDI dongle. I believe the
idea is, if you move the USB cable to another USB port on the
same computer, it continues to remember the port is COM4. There
is "partial PNP" information which is "assigned" by the driver
to the chip, when you first set the value to COM4.

It's hard to say where the firmware goes. The
board does have a couple small eight pin packages,
one of which could be a serial EEPROM. Or, the flash
could be inside the main chip.

I can't see a part number on the main chip. There's a claim an
ARM chip is inside the thing, but that seems unlikely without
external RAM and ROM. It would have to be a dinky version of ARM.
Usually stuff that small, the processor is an 8085 or equivalent.
Maybe they chose ARM, because the chip had flash and RAM inside
as well, and it was a "cheap SOC" of some sort. I can't make
out a part number, so that's just a guess at the moment.

*******

If you're running AV software, you could be getting gunned
down in your tracks due to "FirmwareUpdateTool.exe". There's
no reason for the FTDI drivers to be detected - it's even
possible the OS could hold a driver for those. But whatever
talks to the main chip, that software might be protected,
and it might set off your AV software and cause the entire
MSI installation procedure to fail.

I probably have those two FTDI drivers installed on
the OS I'm typing on, as I own three serial dongles,
and the two on the machine right now are FTDI. One used
to run a dialup modem (retired), the other talks to
my APC UPS (auto-shutdown).

When an off-brand AV scans the FirmwareUpdateTool.exe file,
it sees random binary rubbish instead of normal PE32 fields,
which is the Themida packer. Even if you turned off your AV
long enough for the install to finish, every time the
program starts (and the EXE loads), the AV is going to blast it.
It's not that it is virulent, just that the AV "can't look
inside" and it assumes the worst.

Paul