vB Easy Archive - QPST verification?

Pages: 1

QPST verification?
(Click here to view the original thread with full colors/images)

Posted by: 1Sentinel

I was wondering .... since QPST is technically not available for people openly then how do any of us know what we are downloading?

I mean I would like to use the latest copy of QPST for my VX8300 because I used it a while back for my old VX6000 and I loved it. But the problem I see is that way back then I downloaded it right from the makers website. Today everyone is downloading it from other peoples websites and while I am sure that most people are well meaning how do any of us really know what we are all passing back forth to each other? We could be passing a pretty bad file or edited version or screwed with version and not even know it.

Does anyone have a legit copy that they got from the manufacturer (Qualcomm I think it is) that they can tell us the MD5 hash from or at least the proper size or something so that when we download it we can be some what sure that what we have is not malware or a screwed with version of QPST?

I mean if you look around you can download it from a few different places which I did, and I noticed the file sizes were different. If it is the same file (QPST 2.7 build 215) then shouldn't they all be the same size?

Posted by: player911

The file sizes are different because some include different files. Some have instructions while others do not. Some might be fake, while others are not. Some might be compressed while some aren't.

I would hope that anyone who is actively seeking QPST that they have enough sense to realize a bad program from a good one.

So basically there are lots of different reasons for why the file sizes are different. But regardless this is a small detail.

Only Build 215 (latest) will work with the Cu500. So you download it and if it works then you have the latest build. I need the latest build, others may not.

Who cares if you don't have the latest version, as long as it works. Your basically getting a program for free... don't complain.

Posted by: 1Sentinel

I don't see why your so angry. Perhaps its because your so ignorant.

I am talking about the security aspect of it. Not the version.

So you are saying that if you are getting a program for free then you shouldn't care if it is infected with viruses or trojans or spyware?

And obviously I am talking about the install file. Not the zip file size. Obviously the zip file size will differ if people add more extraneous files or not. And obviously the file sizes will be different if you have different builds or versions. But if you have the same build, same version then the exe file should be the same size.

Some of us are a little more cautious than others when downloading and installing programs we get from complete strangers especially when those files are definitely posted on warez sites and could have any number of nasties contained within them. Maybe its because I am in the IT security field but I still think that everyone should excersise a little caution when doing things like this.

Still no need to be so angry. I was asking what I feel is a very sensible question in this day of transmission of malware.

Posted by: bfoos

Qualcomm doesn't offer this program to the public. The only way to get it is to warez it. That being said, when actively seeking out warez, one should have the common sense to be cautious, selective and scan any files they download. If you are that uptight and don't trust the effectiveness of your AV solution, then perhaps you should steer clear of warez.

I've never had any security issues with any build of QPST I've come across.

Posted by: mensa k

Quote:

Originally Posted by bfoos

If you are that uptight and don't trust the effectiveness of your AV solution, then perhaps you should steer clear of warez.

That or buy a cheaper computer to experiment with and use as a backup. I plan to do this soon.

Posted by: 1Sentinel

Uptight? I don't think it is being uptight to simply ask if anyone knows the size or MD5 hash of a file so that a person can compare it. Seems like common sense to me from a security perspective. If you don't have the answer that's fine. Don't answer. No problem.

I don't think that the only way to get this is warez. Someone someplace got this through legit channels. Perhaps from Qualcomm themselves or customer service or for some legit reason. If such a person could post file sizes or MD5 hash then the rest of us would know if we got a legit Qualcomm version or a hacked (and possibly dangerous) version. Seems to me like I am performing a public service if I can get it done.

I am not trying to tell anyone to do or not do anything. I am not disrespecting anyones point of view or lifestyle. I did not say that all QPST versions floating around are viruses and if you download them you are stupid. If you wish to download any version you find anywhere then more power to you. I am just asking, for my own personal preference and perhaps a few others, if there is a way that I can make sure that I am getting the legit copy from the manufacturer. If I can't then I can't. If no one knows of a way then I guess I will get no answers. But I really see no reason for people being so irritated because I ask the question.

Posted by: bfoos

I don't think anyone other than you gives a flying **** if it came straight from Qualcomm, as long as it works.

Why don't you just hash the version you have and post it here if you want to compare. Here, I'll even post my results. I downloaded qpst_2.7b215.exe from 2 different locations. Both are 100% binary identical.

qpst_2.7b215.exe: Self extracting Installshield CAB archive.
Size: 8.21 MB (8,620,020 bytes)
MD5 Hash: 2871CAB28F5C78492CE34A47BFB25156
SHA1 Hash: 88E622979025C35616E7F0A88A832FB18C14B2AE
CRC-32: 0x134B67D0

Extracted the installer and the Installshield CAB files. Scanned with Symantec Antivirus Corporate Edition v10.1.5.5000; Scan Engine 61.3.0.18; Virus definition 10/26/06 rev .20: No risks found.

Contents of the Installer:

40COMUPD.EXE 499 KB (511,424 bytes)
MD5: 1F3185ADD3579D0534510B02AAA9CA7E

data1.cab 464 KB (475,260 bytes)
MD5: B75081D7364028E31CA693443B644AD7

data1.hdr 32.0 KB (32,815 bytes)
MD5: 489FB865CD9AD1E0E146216120B1F1C7

data2.cab 5.64 MB (5,916,097 bytes)
MD5: AFA8B3506509ADFF29DC26F160515698

dcom95.exe 1.17 MB (1,229,056 bytes)
MD5: 954B70D2433F6F1DCA332809DF50A4A9

ikernel.ex_ 338 KB (346,602 bytes)
MD5: 93B63F516482715A784BBEC3A0BF5F3A

layout.bin 435 bytes (435 bytes)
MD5: 142779CE42AAA218B2F1A5B00893E21E

Setup.bmp 322 KB (330,056 bytes)
MD5: C86A5C90A3A55F6EF8C20469834A608C

Setup.exe 53.0 KB (54,272 bytes)
MD5: D765793F5D803673D1B4B5586E8FD66C

Setup.ini 93 bytes (93 bytes)
MD5: D5FB577D24F384160882E2CEEC3B2C74

setup.inx 173 KB (177,539 bytes)
MD5: 9A7B5146DFE59634DE3B3BFD09475E8B

Good enough?

Posted by: 1Sentinel

I am starting to think you may be right. It does appear as though I am the only that cares. In this forum anyway. The IT security forum I frequent does have another view

But that is some great info there and should prove helpful. Thanks a lot. Much appreciated.

Posted by: C1u31355

Quote:

Originally Posted by 1Sentinel

I am starting to think you may be right. It does appear as though I am the only that cares.

I think it's sensible to be concerned about the integrity of files. There are some bad folks out there, and a good way to mess up your computer is to load software from a dubious source. I scanned Qpst before installing it, and I hope everyone else did too. Think how troublesome it would be to have a program that sneakily damaged both your computer and your phone.

I really don't understand the hostility generated by 1Sentinel's question. It was entirely proper for 1Sentinel to ask, and great for Bfoos to hash all those files.

Posted by: chkdg8

I know that we cannot talk about the actual program as far as sharing it but is there an actual tutorial for the 8300? Can the 8000's tutorial work as well?

Posted by: 1Sentinel

Quote:

Originally Posted by chkdg8

I know that we cannot talk about the actual program as far as sharing it but is there an actual tutorial for the 8300? Can the 8000's tutorial work as well?

This is a totally new question unrelated to the current topic. Why don't you start a new topic? You'll get better results.

Posted by: themopedwhiz

Quote:

Originally Posted by 1Sentinel

I don't see why your so angry. Perhaps its because your so ignorant.

I am talking about the security aspect of it. Not the version.

So you are saying that if you are getting a program for free then you shouldn't care if it is infected with viruses or trojans or spyware?

And obviously I am talking about the install file. Not the zip file size. Obviously the zip file size will differ if people add more extraneous files or not. And obviously the file sizes will be different if you have different builds or versions. But if you have the same build, same version then the exe file should be the same size.

Some of us are a little more cautious than others when downloading and installing programs we get from complete strangers especially when those files are definitely posted on warez sites and could have any number of nasties contained within them. Maybe its because I am in the IT security field but I still think that everyone should excersise a little caution when doing things like this.

Still no need to be so angry. I was asking what I feel is a very sensible question in this day of transmission of malware.

keep your virus program up to date , with the latest updates

and scan the file before you use/install it...

if that action doesn't soothe your worries, i suggest you forget about trying to find and use it..

BTW what you are saying is true of any program you can find on the internet

you roll the dice you take your chances

Posted by: chkdg8

Quote:

Originally Posted by 1Sentinel

This is a totally new question unrelated to the current topic. Why don't you start a new topic? You'll get better results.

As you can see I'm not new on here. I just don't want to instigate a new thread that'll probably get deleted for talking about something that we're not supposed to. Thanks for your concern.

Posted by: Silentbtdeadly

Quote:

Originally Posted by 1Sentinel

So is everyone from the IT security field so paranoid? I have downloaded thousands of files... I know what sources to trust, and if you have been around long enough, then you know there are even warez sources that can be trusted nearly 100%
There are things to look out for... not many programs out there that are less than 100k in file size that actually do somthing... most are probably spyware. Other than that, it is a bit difficult to add a virus to a program and have the filesize come out NEAR the original... and if you do, then a virus scan will pick it up. This has to do with the way the data would be compiled..
I dont believe Player911's response was at all angry.. it was realistic. Your getting a piece of software the manufacturer doesnt want you to have. You cant download it from Qualcom, customer service wont give it to you.. so your taking a chance no matter what. If your well informed(and your supposed to be an IT security guy, remember?), then you would know that you can search to see if anyone else has had any problems. Which they havent. You cant succumb to paranoia.
Besides.. If there was a real security issue then you would see alot of people posting complaints and warnings about the program. But you dont. Because there arent. And your just being paranoid. You think your somehow doing someone a service, when thousands of people have done this no problem.. chances are, at least a FEW of them would know if there was a problem.

Oh, and when you post a question, you cant tell others not to post, if you dont like their answer. Especially when they are telling you that your question is irrelevant. It just might be.