Code: https://www.hubbarde-meter.org/download.html So... Who wants to download the Mark 8 updater software and stick it under a microscope? (Downloading the exe is safe, but for the love of Xenu, don't run it! Only run it inside a secure virtual box or a clean stand-alone box that you scrub afterward. The update installer is 23.4M. I'm surprised (and very suspicious) that they let you download it without logging in on their site first. I think Admiral Ackbar said it best... The main question is: What else does it install besides E-meter updater? 50-ish MB expanded seem damned big for updating their new toaster. More Clam Nanny filtering software? A rootkit for a Scienobotnet?
By the way, when I downloaded it, I immediately changed the name of the exe so that I don't trip over it two years from now and accidentally run it, and well as changing the extension so that I can't. DANGERCOSsetup_mark8.exe.XENU
Afraid I don't have to time to dig just now. I only downloaded it in case they locked it up for registered members only later.
Perhaps they have some sort of spyware/listening device in there to record the person's voice as he's self auditing?
If they did, they probably want to spy on indies who still audit. That would explain the "public" new software update.
It seems to be part of Chromiumembedded project stuff. On native Windows apps, if you want to display HTML (and CSS, Javascript, etc, etc...) the option was that you had to use a control which is a gateway to Microsoft IE. That sucks donkey balls for a number of reasons. (Don't get me started when I'm suffering from PCS [Pre-Coffee Syndrome].) Chromiumembedded is a framework to allow native apps to do the same with the Chrome browser. So... This install has probably added either an embedded or full-up version of the Chrome browser to the system. Heck, that might explain the damned install size right there! The phone-home stuff is going to Scientology via their expensive Akamai proxying service. It would be nice to know what it sent. LOL at the serial/USB dongle. I guess they really didn't have another option after the meters rotted in boxes for all these years. Two suggestions: Check to see if there are any extra processes running. (I use Process Explorer by Mark Russinovich via Microsoft, but Task Manager might do in a pinch.) Were any start-up programs added? Good stuff Anonymous!
Some interesting findings: Those are only a few examples. This motherfucker queries the whole registry, my Documents and Settings folders and more.
If an embedded Chrome is being installed, it would query a lot of stuff like the IE settings, however, I notice that they're looking for their own Firefox plug-in: bridgepub.com/m8detector. If this update is only run once a year, why would they need a Firefox plug-in? Heh.
Nice Windows programs don't dick with c:\autoexec.bat anymore. If something needs to run on startup, there are proper ways of doing it these days. Even #$%@ Adobe and Apple don't do stuff like that when installing their crud. I'd say that autoexec.bat is a sign something scuzzy is going on.
When running the program it will create several files and folders in the TEMP folder: Some of the content in the Data_3 temporary file: Some of the content of the Data_2 temporary file: Some of the content of the Data_1 temporary file: So it seems like the GUI is on the hubbard site. So why is the installation 25MB? It also sends statistics information to the Google Analystics site (visitor information)
E-mail sent to the virus companies with some explanation. Let's see what happens next. Maybe one of you with some Wireshark experience can take a look at the packets?
Has anyone tried to open a browser and access critical sites with one of these boxes yet? WWP, xenu.net, etc. Any blocking, filtering, or extra ports open to CoS sites?
I was in the original filter software. I'd be curious to know if I'm still on the list, if there is a list.
And there's the proof that everything Marc Headley has said about the warehousing of these e-meter is trufax. Well done Anon, well done.
What kind of value would an software update add to an old ass serial e-meter do? I really don't get it.
It's like taking a wrapped xmas present and trying to figure out what's inside by hefting it, shaking it and whatnot. Only this present is from Scientology, it smells funny, and occasionally it ticks.
Fkme it's a resource intensive pig. This thing looks like it came straight out of the final chapter(s) of a textbook demo program for Windows system management actions using .Net2.0 in its earliest incarnation. One of those deals where coding examples are given for common actions that build up incrementally into a totally useless program overall, unless you parse out the relevant bits. Also note the reliance on dw20.exe - Dr. Watson, LOL! Who in their right fking mind doesn't wrap their own error routine in this day and age! That kind of shit went out of fashion with Win2000. Like with the autoexec.bat handling, this is another BIG obvious sign that this install package was lifted from another source and crudely adapted to do some simple function, but they drug along a ton of other shit that they didn't know how to remove. DO WANT to see a copy of dw.log plox. Unless it's already posted and I missed it? Inb4 rampant reports of MarkVIII updater crash and burn problems pissing people off who paid a small fortune and can't get it registered.
Tech-wise, nothing. These things have sat in storage so long it does not seem feasible it would require a firmware update/activation to run digital functionality. As Marc Headley has explained in the past, they would have needed to gut all the e-meters they had in storage and replace the internals to truly accomplish that, in which case there would be native USB support. Which is also stupid, if the thing works right out of the case - don't connect it to your computer. Period. Speculation: what they are likely trying to do is shoehorn in the means of automated device tracking/registration, to prevent people who are not in good standing from being able to use them. A faux lockdown if you will, fooling people into thinking that need to get the firmware check annually to keep it working. And I would be shocked if there really is a chip inside the device that self-disables if it does not get connected to a computer once a year. There is so much crap in that Anibus Report, custom handling of some sort of calendar-based date tracking didn't jump out at me, yet... but surely there is a date stored to a regkey somewhere that will set off a stoopid nag prompt telling the person to re-connect their e-meter after a year has elapsed. With the real purpose being a server-side process that records which serial numbers map to which names to tell the cult who is using which device.
