My OperaEolass patent bites the dust
Wednesday, January 28, 2009 9:51:34 PM
This patch is not supported nor functional anymore. Please check follow-up solution by XenoAntares - http://my.opera.com/XAntares/blog/xanocta
Or read below if you like reading.
Some background:
Eolas (E) is a company that patented a certain way of interacting with embedded objects on web pages. This is why in Opera, you sometimes have to click (for example) a flash player to "activate" it before it can actually be controlled. That sucks.
Opera is the only browser that I know of, that currently have this annoying system in place. IE had it, but it reached to a pocket full of money to buy a license from E.
Other (open source) browsers don't implement this mechanism because E was kind enough to commit not to pursue legal actions against open source browsers that are violating its patent. Why? I guess because it wouldn't really be able to enforce that anyway. Builds without this future would pop up everywhere in no-time.
Solution:
Make a "custom" Opera build.
Now I look at it, finding out how to bypass this system took more time then it had to.
My starting point was to grab onto the string "Click to activate and use this control". It's displayed in status bar when hovering over non-activated embed.
It can be found in english.lng listed as:
-191213401="Click to activate and use this control"
Looks like Opera is using signed long's to identify strings. We can't just search for this number in opera.dll file and expect to find it there. Storing numbers as strings would be highly inefficient. Programs store numbers in hexadecimal instead so we have to convert this value to hex. Even windows calc will do the job in Scientific mode.
decimal -191213401 is 0xF49A50A7 in hex but we won't find that too in compiled file (even if we do, it won't be relevant to what we are looking for). PC's use little endian byte order so we have to search for reversed bytes: 0xA7509AF4, actually.
In a build I've been working on, this address was found twice in opera.dll. Those were the places where Opera actually referenced this string and as there were only two of those, it wasn't really hard to figure out that first one was the one I was looking for.
Found that out by setting a breakpoint in both of them and reloading a page that contained "non-activated" embed. Only one of those breakpoints triggered.
Tracing back from a code that references string, I eventually came to a code that created an "overlay" window. This is how Opera implemented "click-to-activate" thing. Invisible window is being positioned on top of non-activated embed and prevents interaction with it until clicked (when it is destroyed).
Cutting story short (I don't recall exact steps of this process as I've done that months ago - only some residual logs made this post possible), I've traced back again to find out where Opera decided to call CreateWindowEx function, that created our evil overlay. And below are the results of this work.
Patch:
For current versions of Opera 10 (alpha) and Opera 9.64 this change does the trick:
search: F7 D8 1B C0 F7 D8 C2 04 00 FF 74
replace: F7 D8 1B C0 B0 01 C2 04 00 FF 74
For Opera 9.63 (thanks Lex1 for correcting):
search: F7 D8 1B C0 F7 D8 5B C2 04 00
replace: F7 D8 1B C0 B0 01 5B C2 04 00
In 10alpha, search pattern can be found two times but only first one is relevant. Second match is actually involved in HTTPS related stuff so better not touch it.
Before hexediting opera.dll it has to be unpacked first. Use UPX command: "upx -d opera.dll"
For hex editing free XVI32 will do the job (not very friendly hexeditor though).
Download:
If you prefer to use a "ready to go" package then download this file, extract to Opera directory and run patch_click_to_activate.bat.
Patch for Opera 9.64 and Opera 10: opera-c2a.zip
For some 32/64 bit linux distributions use this patch script (thanks kylebaker for structuring script nicely): click-to-activate-removal-opera-10.sh
To use, download to any directory and execute these commands as a root:
chmod +x click-to-activate-removal-opera-10.sh
./click-to-activate-removal-opera-10.sh
PS. Pun intended in title ;>
Or read below if you like reading.
Some background:
Eolas (E) is a company that patented a certain way of interacting with embedded objects on web pages. This is why in Opera, you sometimes have to click (for example) a flash player to "activate" it before it can actually be controlled. That sucks.
Opera is the only browser that I know of, that currently have this annoying system in place. IE had it, but it reached to a pocket full of money to buy a license from E.
Other (open source) browsers don't implement this mechanism because E was kind enough to commit not to pursue legal actions against open source browsers that are violating its patent. Why? I guess because it wouldn't really be able to enforce that anyway. Builds without this future would pop up everywhere in no-time.
Solution:
Make a "custom" Opera build.
Now I look at it, finding out how to bypass this system took more time then it had to.
My starting point was to grab onto the string "Click to activate and use this control". It's displayed in status bar when hovering over non-activated embed.
It can be found in english.lng listed as:
-191213401="Click to activate and use this control"
Looks like Opera is using signed long's to identify strings. We can't just search for this number in opera.dll file and expect to find it there. Storing numbers as strings would be highly inefficient. Programs store numbers in hexadecimal instead so we have to convert this value to hex. Even windows calc will do the job in Scientific mode.
decimal -191213401 is 0xF49A50A7 in hex but we won't find that too in compiled file (even if we do, it won't be relevant to what we are looking for). PC's use little endian byte order so we have to search for reversed bytes: 0xA7509AF4, actually.
In a build I've been working on, this address was found twice in opera.dll. Those were the places where Opera actually referenced this string and as there were only two of those, it wasn't really hard to figure out that first one was the one I was looking for.
Found that out by setting a breakpoint in both of them and reloading a page that contained "non-activated" embed. Only one of those breakpoints triggered.
Tracing back from a code that references string, I eventually came to a code that created an "overlay" window. This is how Opera implemented "click-to-activate" thing. Invisible window is being positioned on top of non-activated embed and prevents interaction with it until clicked (when it is destroyed).
Cutting story short (I don't recall exact steps of this process as I've done that months ago - only some residual logs made this post possible), I've traced back again to find out where Opera decided to call CreateWindowEx function, that created our evil overlay. And below are the results of this work.
Patch:
For current versions of Opera 10 (alpha) and Opera 9.64 this change does the trick:
search: F7 D8 1B C0 F7 D8 C2 04 00 FF 74
replace: F7 D8 1B C0 B0 01 C2 04 00 FF 74
For Opera 9.63 (thanks Lex1 for correcting):
search: F7 D8 1B C0 F7 D8 5B C2 04 00
replace: F7 D8 1B C0 B0 01 5B C2 04 00
In 10alpha, search pattern can be found two times but only first one is relevant. Second match is actually involved in HTTPS related stuff so better not touch it.
Before hexediting opera.dll it has to be unpacked first. Use UPX command: "upx -d opera.dll"
For hex editing free XVI32 will do the job (not very friendly hexeditor though).
Download:
If you prefer to use a "ready to go" package then download this file, extract to Opera directory and run patch_click_to_activate.bat.
Patch for Opera 9.64 and Opera 10: opera-c2a.zip
For some 32/64 bit linux distributions use this patch script (thanks kylebaker for structuring script nicely): click-to-activate-removal-opera-10.sh
To use, download to any directory and execute these commands as a root:
chmod +x click-to-activate-removal-opera-10.sh
./click-to-activate-removal-opera-10.sh
PS. Pun intended in title ;>
« Previous 1 2 3 4
Squirt # Tuesday, November 2, 2010 1:39:51 PM
Unregistered user # Tuesday, November 2, 2010 4:08:16 PM
XenoAntaresXAntares # Friday, November 5, 2010 12:22:38 PM
It has not been thoroughly tested: neither did I check, if older Opera versions get patched (or rejected) successfully (the old patterns have been partially ”ported“, though), nor did I check the batch script under all circumstances.
Maybe someone likes to play with it.
Rafald.i.z. # Friday, November 5, 2010 9:30:24 PM
Also I've tried you patch. My Opera version was actually not supported by patching script but that allowed me to see some things that could be cleaned up.
Even though no patch locations were found, script ended up with all three files (opera.dll, opera.dll_original and opera.dll_patched) inside the directory. In such case I would expect backup file to be restored and no other file remaining.
I haven't looked at script to see what would happen if patching would be successful but I would expect the opera.dll_patched to be gone then. Maybe it's like that already.
Also, I don't think packing dll back is a good idea. It's a slow process and doesn't have any benefits. Besides, Opera will be shipped with unpacked dll soon.
XenoAntaresXAntares # Friday, November 5, 2010 10:01:57 PM
You're right. The stand alone invocation of the perl script was supposed to produce opera.dll_patched – but called via the batch file opera.dll was supposed to be overwritten (as a backup copy should already have been created by the batch). This has been fixed now, hopefully. (Calling ”xa-nocta.pl opera.dll 1“ overwrites directly.)
The re-packing should only occur if encountered opera.dll had been upx-packed in the first place. You can well argue the benefit of that step. ;)
qczi # Saturday, November 6, 2010 4:32:07 PM
search : 66 BA 2C 00 E8 21 28 BB FF F7 D8 1B C0 F7 D8
replace: 66 BA 2C 00 E8 21 28 BB FF F7 D8 1B C0 B0 01
Unregistered user # Wednesday, November 17, 2010 11:35:54 PM
Bucic # Sunday, December 19, 2010 2:55:49 AM
RainyShadow # Sunday, December 19, 2010 7:49:38 AM
Read the notice at top of the article.
Bucic # Sunday, December 19, 2010 3:34:43 PM
Originally posted by RainyShadow:
Oh, OK. I don't know how I could have missed that :blush:
Anyway, I'd like to take the opportunity to say a BIG !!!T H A N K Y O U!!! to Rafal and all the people who made it possible to fuck Eolas
klaudyuxxx # Saturday, January 29, 2011 1:09:03 PM
Valynor # Sunday, January 30, 2011 8:51:41 PM
Unregistered user # Monday, February 21, 2011 6:16:33 PM
Unregistered user # Monday, February 21, 2011 6:32:00 PM
alekksander # Thursday, February 24, 2011 5:18:44 PM
Unregistered user # Monday, March 28, 2011 6:30:39 PM
Unregistered user # Tuesday, September 6, 2011 9:54:09 AM