sandboxie-plus / Sandboxie

Sandboxie Plus & Classic
https://Sandboxie-Plus.com
GNU General Public License v3.0

Firewall connection issue (Chrome, Brave, Adobe Creative Cloud, Photoshop) #437

Open LukeSeers opened 3 years ago

LukeSeers commented 3 years ago

I could be misunderstanding something here, but if not, this might help towards solving this known issue: https://github.com/sandboxie-plus/Sandboxie/issues/241

I'm using Sandboxie-Plus v0.5.5 and a fresh install of Windows 10. I'm also using the default pre-made sandbox "DefaultBox" for the following tests.

From my testing it seems that some Chromium-based programs tend to have a firewall issue when trying to connect to the internet from the sandbox, for reasons unknown to me.

Chrome (88.0.4324.104), Brave (V1.19.86)

Regarding https://github.com/sandboxie-plus/Sandboxie/issues/241, I'm also going to take a guess that Adobe cloud is also based on Chromium for the initial verification.

If you wish to test this yourself, you can with the direct download _(https://ccmdl.adobe.com/AdobeProducts/KCCC/CCD/5_3_1/win64/ACCCx5_3_1_470.zip)_. You don't need to log in to reproduce the problem :)

I was able to get an older version of Adobe cloud to install _(http://ccmdl.adobe.com/AdobeProducts/KCCC/1/win32/ACCCx4_5_0_331.zip)_, but when trying to log in it would sign me back out since it can't connect.

I thought that since I was able to get Adobe to install, I might be able to get some of the Adobe products to run. I tested Photoshop CC 2018, Photoshop CC 2019, Photoshop 2020 and also Photoshop 2021; they all had the same problem: for the initial verification it would not connect.

@DavidXanatos If there is anything you want me to test in regards to any of the Adobe products, I'm more than happy to help since I pretty much have full access to the whole Adobe suite. Also I would love to put Adobe stuff in a nice sandbox :)

DavidXanatos commented 3 years ago

I was looking into the Chrome installer recently and I don't have a definite conclusion yet, but I suspect it may be something around SSL/TLS: something there fails and subsequently the connection is aborted.

LukeSeers commented 3 years ago

@DavidXanatos this is off topic, but I would like to support this project and I'm more than happy to donate monthly to you. I don't really fancy using Patreon; I would rather use GitHub's donation system instead. Would this be possible?

DavidXanatos commented 3 years ago

You can set up a reoccurring donation with PayPal on my website. Through GitHub it's currently not possible.

NewKidOnTheBlock commented 3 years ago

Were you connected to a VPN while running it in Sandbox?

At the moment, the regular Brave installer (Win64) outright refuses to run in latest Sandboxie Classic. Sandbox is active for ~10 seconds and then stops.

LukeSeers commented 3 years ago

When I was testing I did not have any VPNs installed at all.

bjm234 commented 3 years ago

NewKidOnTheBlock wrote:

At the moment, the regular Brave installer outright refuses to run in latest Sandboxie Classic. Sandbox is active for ~10 seconds and then stops.

Curious, are you trying to install Brave in the sandbox?
Or are you trying to run Brave in the sandbox? Meaning, Brave is installed on your real system and you're wanting to run Brave sandboxed?

NewKidOnTheBlock commented 3 years ago

I'm trying to install Brave Win64 in Sandboxie Classic (that's why I put in the link), because I don't like how Chrome-related browsers vomit files all over my operating system.

bjm234 commented 3 years ago

NewKidOnTheBlock wrote: I'm trying to install Brave Win64 in Sandboxie Classic (that's why I put in the link), because I don't like how Chrome-related browsers vomit files all over my operating system.

Okay... Thanks for helping me understand. Does Brave have a portable build? Just asking. Thanks again.

NewKidOnTheBlock commented 3 years ago

Yes, that's what I'm currently using as a secondary (sandboxed) browser: https://github.com/portapps/brave-portable

Thankfully they are offering BravePortable as an offline installer that comes with all the necessary files. This way, BravePortable can be successfully "installed" & run in Sandboxie.

It would be nice to use the regular Brave in Sandboxie though.

bjm234 commented 3 years ago

Yes, I tried to install "regular" Brave in my default box with my Firewall off.

NewKidOnTheBlock commented 3 years ago

That gave me an idea. Tried to install Firefox in Sandbox fox downloader Source: https://www.mozilla.org/de/firefox/download/thanks/ (Firefox Installer.exe = 0.3 MB)

The full Firefox offline installer works in Sandbox: Source: https://www.mozilla.org/de/firefox/all/#product-desktop-release (Firefox Setup 84.0.2.exe = 55 MB)

bjm234 commented 3 years ago

Yeah, I'm trying to work with SBIE1308 Program cannot start due to restrictions - BraveUpdate.exe [Default] * Maybe, "regular" Brave installer needs access to __? IDK

LukeSeers commented 3 years ago

Been doing some more testing since I wanted to be able to pinpoint where BraveUpdate.exe (V1.19.86) was trying to connect to:

When BraveUpdate.exe tries to make a first connection it tries to go to: updates.bravesoftware.com

then also tries to connect to the following IPs:

DavidXanatos commented 3 years ago

Guys, is there any open source application that would be affected by this? EDIT: I mean the installer itself, not the application being installed. Or is the Chrome installer itself also open source?

DavidXanatos commented 3 years ago

Another issue: did you get those errors with a normal box config? Because for me the installers crash right away; only when I open IPC entirely do I get to the error screen.

LukeSeers commented 3 years ago

> Guys, is there any open source application that would be affected by this? EDIT: I mean the installer itself, not the application being installed. Or is the Chrome installer itself also open source?

After some time researching in regards to your question, I discovered what you might be looking for: https://github.com/google/omaha

From reading the information on their website: https://omaha-consulting.com/google-omaha-tutorial-chrome-updater I'm starting to feel we are heading in the right direction.

I do want to point out that I did try and look for how they created the Chrome installer, but it seems that it's kind of a grey area. There is not a lot of information regarding that process. I also looked into the Chromium and Brave source code to try and get some clues, but sadly nothing unveiled.

> Another issue: did you get those errors with a normal box config? Because for me the installers crash right away; only when I open IPC entirely do I get to the error screen.

I'm not sure about everybody else, but when I started testing I had a default sandboxie installation.

LukeSeers commented 3 years ago

@DavidXanatos these may help? https://chromium.googlesource.com/chromium/src.git/+/master/docs/updater/protocol_3_1.md https://github.com/brave/brave-browser/wiki/Brave-omaha

I've been trying to figure out what Adobe uses in regards to their installer/updater, but sadly I can't seem to find anything. I will keep on looking into this though.

DavidXanatos commented 3 years ago

Something is really strange with that Chrome installer. For example, I can start it just fine from DefaultBox, but it fails to start from DefaultBox2. Can anyone confirm this strange behavior?

LukeSeers commented 3 years ago

In "defaultbox" I still get the weird firewall error, and in "defaultbox2", I don't know why, but the ChromeSetup crashes straight away and then auto-closes itself.

DavidXanatos commented 3 years ago

So first of all, the 0.7. build fixes an RPC issue with the installer, but there are more: the installer tries to start a service, these must be allowed to run as system to operate, and then it fails because apparently the sandbox's implementation of BITS (Background Intelligent Transfer Service) crashes right away.

So well, crap... I wonder in what build of Windows or Sandboxie this was last working.

You can test BITS functionality with the attached tool:

DOWNLOADS.zip

DOWNLOADS.exe [download_url] [path_to_save_with_filename]

If you can find the last working configuration, that would save me a lot of time.

DavidXanatos commented 3 years ago

Please try adding ClosedClsid={4991D34B-80A1-4291-83B6-3328366B9097} to your sbie ini; it disables BITS, as this is thoroughly broken in Win 10 when sandboxed.

SandboxerX86 commented 3 years ago

This problem seems to be related to the RpcMgmtSetComTimeout setting.

I had the same exact problem with the Chrome Online Installer and other programs, but after adding RpcMgmtSetComTimeout=n (you can use "RpcMgmtSetComTimeout=program_name.exe,n" or "RpcPortBinding=problematic_dll.dll,*,TimeOut=n" if you want to be specific) the programs worked as intended.

I think this is the cause of #241 too, as well as other issues posted where the problem is the program not having internet access even if the sandbox doesn't have any restrictions.

Haven't tried Brave or the Adobe programs, but I can guarantee you that the ones I tried (Chrome Installer, Parsec, some games) all had the same issue of no internet access, and RpcMgmtSetComTimeout was the culprit.

PS: Be aware that after adding the setting and running the Chrome Installer it is going to get stuck for some minutes on "Waiting to Download", but if you wait it ends downloading and the install is completed. Don't know why it takes that long to download, but it didn't happen on old Legacy SBIE versions pre-Sophos.

Edit: Just found out why the Chrome Installer (and other programs as well) gets stuck downloading... it is because of the BITS service. After disabling BITS with "ClosedClsid={4991D34B-80A1-4291-83B6-3328366B9097}" as David suggested, the download starts immediately. I've tested it various times to make sure.
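Added example, not part of the thread or of Sandboxie's own code: a small Python check that reads Sandboxie.ini text and reports, per section, whether the two workarounds discussed above (the ClosedClsid entry for BITS and RpcMgmtSetComTimeout=n, box-wide or per program) are present. It treats every section as a box; the box names and the ChromeSetup.exe entry in the sample are constructed for illustration.

```python
# Added example: which sections of a Sandboxie.ini carry this thread's workarounds.
BITS_CLSID = "{4991D34B-80A1-4291-83B6-3328366B9097}"  # CLSID quoted in the thread

def parse_sbie_ini(text):
    """Parse ini text into {section: [(key, value), ...]}; keys such as
    ClosedClsid can repeat in a section, which strict configparser rejects."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current].append((key.strip().lower(), value.strip()))
    return sections

def audit_box(settings):
    """Summarise the two settings for one section's (key, value) pairs."""
    rpc = [v.lower() for k, v in settings if k == "rpcmgmtsetcomtimeout"]
    return {
        # BITS counts as closed only when the exact CLSID from the thread is listed.
        "bits_closed": any(k == "closedclsid" and v.upper() == BITS_CLSID
                           for k, v in settings),
        # Bare "n" covers the whole box; "program.exe,n" covers one program
        # (program names are lower-cased for comparison).
        "rpc_timeout_n": "n" in rpc,
        "rpc_timeout_n_for": sorted(v[:-2] for v in rpc if v.endswith(",n")),
    }

def audit(text):
    return {name: audit_box(s) for name, s in parse_sbie_ini(text).items()}

# Constructed sample, not a real configuration; box names are hypothetical.
SAMPLE = """\
[DefaultBox]
ClosedClsid={4991D34B-80A1-4291-83B6-3328366B9097}
RpcMgmtSetComTimeout=n

[InstallerBox]
ClosedClsid={00000000-0000-0000-0000-000000000000}
RpcMgmtSetComTimeout=ChromeSetup.exe,n

[PlainBox]
Enabled=y
"""

if __name__ == "__main__":
    for box, state in audit(SAMPLE).items():
        print(box, state)
```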