U-He Zebra Timebomb

Discussion in 'Software' started by kola, Nov 18, 2021.

  1. ArticStorm

    ArticStorm Moderator Staff Member

    Joined:
    Jun 7, 2011
    Messages:
    7,730
    Likes Received:
    3,943
    Location:
    AudioSexPro
    windows firewall rules work fine for me, you can easily set them up, since alteast windows xp nothing has changed there.

    Well for uhe we know now that we can generate fake names with working serials, which give us total non-bombing access to the almost complete uhe product line.

    Not sure if uhe will design something new and bug users with new serials. But from urs past posts on kvraudio we can bet on that, but this i guess has to wait for a new product release? Or is Urs still busy on the drawing board? I mean the current product did work for atleast a decade, which is very good - only dongle stuff kept protected that long.
     
  2. saccamano

    saccamano Audiosexual

    Joined:
    Mar 26, 2023
    Messages:
    1,250
    Likes Received:
    508
    Location:
    CBGB omfug
    Yes, the win native FW does work (never said it didn't), but it is very obtuse to make rules for AND (most importantly) there is no REAL TIME dashboard (i.e. network monitor) to look at traffic and set rules on the fly. Also a firewall needs to be able to be configured in such a way as to make two or more different networks mutually exclusive to one another. That is to say keeping unwanted/unapproved traffic from traversing an internet vlan onto a backend admin vlan and vice versa. This is possible given the limitations of the win native FW, but VERY difficult to implement properly and to monitor. Personally I just turn it off and install/run a proper FW.
     
  3. Sylenth.Will.Fall

    Sylenth.Will.Fall Audiosexual

    Joined:
    Aug 21, 2015
    Messages:
    2,664
    Likes Received:
    1,840
    Try using Tinywall, it takes the windows firewall and not only doubles up the strength, but it has a front GUI that makes the windows firewall very easy to use.
     
  4. Sylenth.Will.Fall

    Sylenth.Will.Fall Audiosexual

    Joined:
    Aug 21, 2015
    Messages:
    2,664
    Likes Received:
    1,840

    XP only had incoming rules though if memory serves correctly
     
  5. clone

    clone Audiosexual

    Joined:
    Feb 5, 2021
    Messages:
    7,437
    Likes Received:
    3,280
    I'm not trying to write a book when most people already know how it works, with the left column of each entry containing the ip of localhost, 0.0.0.0, or in certain cases another Lan IP.
     
    Last edited: Jun 23, 2023
  6. ArticStorm

    ArticStorm Moderator Staff Member

    Joined:
    Jun 7, 2011
    Messages:
    7,730
    Likes Received:
    3,943
    Location:
    AudioSexPro
    It is not, if you invest a few google searches, then it is understandable and quick, but most poeple dont do that.

    Host file editing only blocks adresses on DNS-level, it blocks no ips. (rerouting for example audiosex.pro to 0.0.0.0)
    If you enter ip-adress in browser you can still reach the webpage.

    I agree that monitoring and finding out ips and their activity could be better, but for that you can use additional tools if you really need.

    could be my memory doesnt serve me will there. But then atleast windows 7 had it, which should be the minimum windows-OS, which should be still used.
     
    • Agree Agree x 2
    • Funny Funny x 1
    • List
  7. 2poor2

    2poor2 Producer

    Joined:
    Jul 13, 2014
    Messages:
    344
    Likes Received:
    88
    There is no way a plug-in can call home, if there is no internet.

    Also, people please stop thinking ONLY .exe files can do stuff like connecting to the internet !
    Any created file can act as an excutable !

    A .vst3 file can act as an executable. A .dll file can act as an executable !

    Ive found a cmd script on the internet , that grabs whatever extension i define, like .exe, .dll, .vst3, etc, and it will add a in/out rule in the windows firewall.

    Eg, i copy my addrule.cmd file to c:\program files\steinberg\vstplugins\my plugin, open an admin cmd from there, in the cmd window, i type a+d+d, + tab, the command prompt is now addrule.cmd, i type a name, between double quotes, like 'plugin name+manufacturer'...
    Press enter... and the script will search for all the extensions, even in the subfolders, and will add all the in/out rules to the firewall.

    If you run it in program files\steinberg, and you have a ton of plug-ins, it will block all the exe, dll, ocx, vst3, etc, inside the cubase folder and all subfolders !

    Yes, because a developer can write an app, a vst plugin or instrument, and the file might be called 'mamouth.casanova'...."quadcompressor.pieceofshit'... or even "divinity.pavarotti".... and yet, all those files might have code that will connect to the internet, connect to a server, etc etc.

    If a .vst3 runs some code 'get current logged username, windows version, scan the vstplugins and get all the file names, and sends all that data to the server 24.25.26.xx port 10000', well, if that file isn't blocked by the firewall, it will do exactly that.

    Also, if there's a risk for the new version, r2r or not, to have some issues, and permanently fuk up the windows installation, with hidden files, registry entries, etc,
    PLEASE, take 5 minutes to download and install VIRTUALBOX !
    With vmware, there is a latency/ echo issue, and we must add a special line, to the config file, to more or less fix the issue.
    With VirtualBox, when we 'mount' our audio interface, the audio works flawlessly, with no echo, no latency, no nothing.
    We can quickly install a simple daw, like reaper, or simply use a vsthost ... to try out that new plugin, or check if the latest update actually breaks something.

    Don't be afraid to add even thousands of rules, to the windows firewall. Block every single extension you can, with the addrule.cmd method. Block the full daw and all subfolders.
    I think I've seen a windows firewall app, where one could simply block an entire folder. That would be the ideal solution, better than blocking 50 .exe...30 .dll... all manually, one by one...

    If you absolutely need internet, and don't want to disable the network card, you can create a firewall rule that blocks EVERYTHING, and you create a rule that allows, eg, your web browser to go "outside"... and you block all websites in the browser, excepting a few ones that you enjoy visiting.

    Because again, there is no reason for a plug-in to call home, if all the doors are 'closed'...
     
    • Like Like x 1
    • Funny Funny x 1
    • Interesting Interesting x 1
    • List
  8. clone

    clone Audiosexual

    Joined:
    Feb 5, 2021
    Messages:
    7,437
    Likes Received:
    3,280
    if you are this security aware (or paranoid), you eventually get sick of all this stuff on your daw computer. exe, nah not connecting anywhere. dynamic linking library, ocx, dependencies written directly into delphi authored executables, etc....nope. 99% of it is wasted effort, like getting good at landing a plane at the wrong airport. If windows (in)security is of this much interest to you, stick it in a VM as your Victim OS.
     
  9. 2poor2

    2poor2 Producer

    Joined:
    Jul 13, 2014
    Messages:
    344
    Likes Received:
    88
    Not paranoid, but i like using a little windows shortcut, that

    - installs the r2r root certificate
    - disables the network stuff
    - starts the daw

    When I'm done, i click on another shortcut, that
    -enables the different ethernet + wifi cards
    - disables/removes r2r root certificate

    It takes 2 seconds. Not a big deal. No need to worry if this plug-in is well Patched, if this plug-in will/has called home.

    Some will call me un ungrateful disgusting human, for daring not 300% trust the r2r certificate.
    It's not because it's r2r, or vr, or s3s, or t4t... it's because it's a ... root certificate, no matter who makes it (and don't talk about the many other certificates that come activated, on windows 10/11..)

    Many have forgotten, but a few years ago, r2r hadn't posted 1 single plug-in, for over 1 year, because of the leak thing, and because they were so so so pissed, because of the people who were always begging 'r2r release this...r2r release that'... they were so mad, that for over 1 year, they 'punished' us.
    Had they had a root certificate in some begger's computers, they were so frustrated and mad, i think they would have been able to destroy their computers, so they stopped begging...

    Today, they could be 'on our side'. Tomorrow, they could be grabbed by the fbi,/ others, and asked to pay tens of millions, as reparations for copyright infringement... and what could be done, with those root certificates in place ? Does anyone know the future ?
     
    • Interesting Interesting x 2
    • List
  10. clone

    clone Audiosexual

    Joined:
    Feb 5, 2021
    Messages:
    7,437
    Likes Received:
    3,280
    Well, obviously you know that a small executable can be merged/melted into a still fully functional application. As small as 2 kbs, for just simple http download/upload/execute functions. Any executable can be tampered with in such a way, and if there is no mechanism for comparison to original; a free linking or hosting service web account is not exactly Fort Knox. Replacing an example file with a 1mb file size difference is not setting off any more alarms than an already tolerated "false positive".
     
  11. saccamano

    saccamano Audiosexual

    Joined:
    Mar 26, 2023
    Messages:
    1,250
    Likes Received:
    508
    Location:
    CBGB omfug
    Dont need it or want it. Outpost pro does everything I need from a firewall.
     
  12. Sylenth.Will.Fall

    Sylenth.Will.Fall Audiosexual

    Joined:
    Aug 21, 2015
    Messages:
    2,664
    Likes Received:
    1,840
    Did they ever sort out that huge flaw in their software? The HTTPS leak from ID block which never functioned on secure sites, meaning any time you inserted your personal info on a supposedly secure protected website, your details could be leaked or stolen by any half decent hacker.

    That was why I stopped using it several years ago. If memory serves , it was version 9
     
  13. saccamano

    saccamano Audiosexual

    Joined:
    Mar 26, 2023
    Messages:
    1,250
    Likes Received:
    508
    Location:
    CBGB omfug
    :rofl:
    You're not serious... You dont block ip addresses directly in hosts. Your entries are domain names which eventually resolve to ip addresses. And

    FYI, if you're setting a "0.0.0.0 domain.name" or "127.0.0.1 domain.name" entry in your host file and after saving it, you can still ping/surf to that domain name/ip address, then you got some SERIOUS problems with your os/net config. You should just shutdown now and figure it out because it's fubar.
    :rofl:

    I use ONE tool which suffices for all. It is time/os tested and it works better.

    XP's firewall was ingress only. Not certain when win native FW first went both ingress/egress (maybe vista? maybe win7?)... It still sucks tho... IMO.
     
  14. clone

    clone Audiosexual

    Joined:
    Feb 5, 2021
    Messages:
    7,437
    Likes Received:
    3,280
    This isn't exactly correct. Your command line tools will reflect the changes in modern WIndows versions. So your ping will work as you expect. But your browser will not, in many of them; until cache is flushed. https://serverfault.com/questions/9050/how-to-refresh-hosts-file-without-rebooting. The XP firewall was a joke. Better tools like Blackice Defender, Zone Alarm, etc were already available. By then Cisco PIX were available, but still quite expensive. Prior to 2005, Windows Defender was called this (also junk):

    Microsoft AntiSpyware

    At the 2005 RSA Security conference, Bill Gates, the Chief Software Architect and co-founder of Microsoft, announced that Windows Defender (formerly Microsoft AntiSpyware prior to November 4, 2005) would be made available free-of-charge to users with validly licensed Windows 2000, Windows XP, and Windows Server 2003 ...Nov 22, 2022
     
    Last edited: Jun 24, 2023
  15. saccamano

    saccamano Audiosexual

    Joined:
    Mar 26, 2023
    Messages:
    1,250
    Likes Received:
    508
    Location:
    CBGB omfug
    Of course it's correct. Just because one doesn't know how to run a browser safely does not mean the hosts file mechanism is faulty.

    Most decent browsers will have a tweak (some buried more than others) that;
    #1 - turns OFF browser history - should be switched ON at all times
    #2 - clears browser cache at every exit of the browser program - should ALSO be switched ON at all times
     
  16. saccamano

    saccamano Audiosexual

    Joined:
    Mar 26, 2023
    Messages:
    1,250
    Likes Received:
    508
    Location:
    CBGB omfug
    Never had problem one with it. I have never had the "web ID" stuff even turned on since my entire site (internet wise) runs thru a vpn. Ver 9.2/9.3 supposedly fixed that issue anyway...
     
  17. Guitarmaniac64

    Guitarmaniac64 Rock Star

    Joined:
    Jun 5, 2011
    Messages:
    1,345
    Likes Received:
    317
    Simple?
    You clearly dont know what Reaper is.
     
  18. BuntyMcCunty

    BuntyMcCunty Rock Star

    Joined:
    Nov 13, 2019
    Messages:
    594
    Likes Received:
    338
    Location:
    Liverpool
    Can you post a copy of that script?

    I do something similar. Before I fire up my DAW, I just disable my network connections. Both the wireless and the wired, because my computer is generally on a CAT5 cable but everything else in the house is on wireless, so I don't want shit leaking out that way.

    But I'm curious about how you handle the root certificate, and also how you'd automate disabling and enabling the network stuff in a script. I've just been doing it manually.
     
  19. Alex Philipp

    Alex Philipp Platinum Record

    Joined:
    Jan 30, 2015
    Messages:
    315
    Likes Received:
    173
    Location:
    Somewhere
    Is that latest r2r keygen also bombing?
     
Loading...
Similar Threads - Zebra Timebomb Forum Date
Uhe Zebra funktionierende Version ohne Timebomb ? DE Jul 18, 2016
Zebralette 3 public beta Software News Feb 17, 2024
Zebra3 is slowly coming soon (since 2012!) Industry News May 13, 2023
Int Lab - Supernova (U-He Zebra2 Soundset) (Blade Runner, Ghost In the Shell, Akira) Presets, Patches Jan 29, 2023
28k + Zebra 2 presets needs your help! Samplers, Synthesizers Jan 11, 2023
Loading...