Skip Windows 10 default-app chooser by computing hashes ourselves




Shell Integration
2 years ago
2 years ago


(Reporter: Dolske, Unassigned)



Firefox Tracking Flags

(firefox45 affected)



(1 attachment)



2 years ago
Created attachment 8688698 [details]
Sample code

So, it looks like someone reverse engineered the way Windows 10 generates default app hashes. We were already able to _restore_ a previously computed hash to avoid the prompt after the first time it's seen (bug 1184508), and this would seem to allow us to skip the prompt the first time as well. [Of course _we_ would still prompt the user and play nice, this just allow us to implement UI that's not user-hostile like the Win10 UI is.]

I've not tested this, but sounds interesting! 

From IRC, where this popped up:

[14:56] <developers823> You all might be interested in this, allows Windows 10 instant default browser change, 
[15:05] <Dagger> developers823: "for clarity" with code like that... >.>
[15:06] <developers823> Dagger: yeah, decompiler output isn't pretty
[15:07] <developers823> though neither are the internals of most cryptographic functions
[15:08] <Mardeg> surely someone can do it in javascript WebCrypto?
[15:09] <developers823> probably, porting those nasty decompiled functions would take a decent bit of effort 
[15:12] <dolske> developers823: hmm, we can already restore hashes (bug 1184508), but looks like this is 
                 simply generating hashes from scratch?
[15:12] <firebot> — FIXED, — Remember registry hash for later 
                  use on Win8+
[15:13] <dolske> developers823: is this your code?
[15:14] <developers823> dolske: yes
[15:15] <developers823> dolske: yeah, it improves on the existing one, no need to show the dialog at all 
                        anymore, not sure if they'd want to use it though because it's sort of a huge hack
[15:15] <dolske> fasinating.
[15:16] <dolske> yeah, that's something we'd have to consider. Stuff like this can be an arms race, and now 
                 that MS is updating Win10 fairly frequently...
[15:16] <dolske> developers823: out of curiousity, what led you to reverse engineer this?
[15:17] <developers823> dolske: I saw both Mozilla and Google were complaining about it and it just seemed to 
                        me like something that should be quick to solve... took maybe 3 hours...
[15:17] <developers823> it's a complete half-measure so I figured someone ought to solve it :)
[15:19] <dolske> developers823: well, it's a nice hack, good work :)


2 years ago
Attachment #8688698 - Attachment mime type: text/x-c++src → text/plain
Looks like Acrobat Reader DC calculates the hash itself. It will write the hash value even on Win7.
This is moot. see bug 1240892.
Last Resolved: 2 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.