History question of the day: Why can't PPC 2003 load signed cabs?

Two cab installers?

Set the wayback machine to pre-2001. We forked the Pocket PC codebase and started work on the first Smartphone release. Several components were rewritten or created from scratch because of the design requirements of the platform, including one handed navigation, a phone-first experience, no touch screen, and a more comprehensive security model. One of those components was the CAB installer (WCEload).  For Smartphone, CAB files contained a _setup.xml file which fed into our XML-based configuration format and also could be Authenticode signed to integrate with our new security model. So we now had two versions of wceload.exe. We've been working on bringing the platforms closer into alignment since then and one example of that is the unified installer in WM5 - it's the same on both platforms now. Because the Smartphone CAB format provided much more power and flexibility, the unified WM5.0 installer uses that format. CAB format, signature checking, _setup.xml, and all.
 

Why don’t they work on PPC 2003?

So why won't PPC 2003 install the signed CABs? Well, when you sign a CAB, it adds the signature to the normal data in the CAB. There's a length marker in the cab which contains the total size of the files inside the CAB. When the file is signed, the size of the files inside the CAB and the length marker don't change, but the size of the CAB itself gets larger. (because the signature data is now attached to it) The loader on PPC 2003 wasn't expecting signed CABs, so it compares that length marker to the file size of the CAB, sees that they're different, and throws out the file.


Workaround!

When we were working on WM 5.0, we added some code to ActiveSync that will make a CAB look unsigned if it’s deploying via the application manager to a 2003 (or earlier) PPC device. But this doesn’t fix the problem for users that haven’t yet upgraded, or are installing signed cabs via the browser or storage cards. I have received some requests to describe the method that ActiveSync uses to make the CAB unsigned. There is a KB article in the works that describes the process of "unsigning" CAB files, but in short it works like this. The third DWORD in the CABfile is the cbCabinet member of the header. On a signed CAB, that size is smaller than the actual size of the file. To make the CAB look unsigned again, just change that DWORD to contain the actual size of the file. The CAB header is fully documented in the CAB SDK which is downloadable on microsoft.com.When the KB article goes live, I'll link it from this entry.


Hope this helps or entertains you,

Scott

edit 4/26: Fixed the wacky fonts. Sorry about that.