Jump to content
Flirc Forums

Skip App v0.9.4 Beta


jason

Recommended Posts

@dnalloheoj Thanks for the suggestions! Yeah, I've got an Asus motherboard and I have Armoury Crate installed to manage my RGB devices, annoyingly. I don't like it much either but it's literally the only software I've found that actually can see all of my various RGB components inside my case in one place and sync them up together, so it's what I'm stuck with. I did already try the Skip App in safe mode (with no success), which I believe doesn't run the Asus services, but I didn't specifically check so I could be wrong. I will look into that again soon.

As for Everything.exe, it has only ever been useful for me, and I am actually only running the portable version of it, not the installer version, so i would be extremely surprised if it were causing any issues, but I can also try making sure that's closed down as well.

EDIT: Yeah, I tried closing and/or stopping a bunch of processes and services just now, then uninstalled the remote in device manager, then tried the app again, still no luck :( I could reinstall Windows but it would be a huge pain, especially since I just went through that only a couple months ago unexpectedly.

Edited by theboomr
Link to comment
Share on other sites

4 hours ago, jason said:

Major thanks to @Agustin

Okay, FInd our Same 20A0 device under HID-compliant Vendor-Defined Device.

Go to the details tab. Go to `Physical Device Object Name`image.png

Now open up the process explorer application. Search for your `value` you have for above, here is mine in the screenshot:

image.png

What is the process? If it says non-existent, go to run->resmon

Sort by PID, and find the match!

image.png

 

@AeroCluster@sWRbQTFGSIAWare you able to try this?

Link to comment
Share on other sites

I'd agree on Everything.exe completely. Like I said, just totally threw it at the wall as it was something I had installed as well. It being portable makes it even less likely than the already near 0% chance.

Does your other computer, that the remote works on, have that same ASUS software?

With the ASUS stuff, even just for the sake of testing here, download the latest version of ROG from the website - backup your 'config' for your light settings if that's a thing - uninstall ROG - test the skip app, see if it works - install the newest ROG version you downloaded, restore config (If it doesn't automatically).

Can't hurt to get it up to date and possibly troubleshoot your issue at the same time. Safe Mode wouldn't exactly be a good test here, neither would Diagnostic Startup, as it very likely will restrict necessary services for the App to run.

Also notice from the process list that some of the ASUS stuff is running at a system level - not the user. Things like the Cert Service are very likely to be in play here. I can see that the LED controller stuff doesn't, so that's very likely not the issue, but other parts of that ASUS software are. I would THINK that the ASUS software would let you choose which components to of the package as a whole that you want to install - i.e. only install the fan/lights/etc controllers, but don't install whatever has to do with Certificates. But I don't know if the software allows that or not.

Edited by dnalloheoj
Link to comment
Share on other sites

1 hour ago, jason said:

@AeroCluster@sWRbQTFGSIAWare you able to try this?

I'll give it a shot when I get back from work tonight.

Also, I do have an Asus motherboard and the Armoury Crate bullshit installed to control its RGB, so I'll try Skip App v0.9.4 again after uninstalling that.

I'll have to reinstall it eventually to have proper control of my motherboard's built-in RGB though, so hopefully Skip App can be updated to run simultaneously with it (if it is what's been causing this problem).

@dnalloheoj It's been a while since I installed Armoury Crate, so I can't remember if it gave me much control over how many of its "features" it would install.

Link to comment
Share on other sites

Neat. "Good" to hear AeroCluster. If nothing else, finding a similarity between two computers that are effected seems like we're moving in the right direction. 

I'm currently running on the guess that the ASUS Cert Service, and what I still think was my issue, the FortiDeviceGuard from FortiClient, do similar things. I know uninstalling FortiClient didn't remove the FortiDeviceGuard entry in Device Manager and I ended up having to manually uninstall the device from Device Manager. More digging into that, looks like it's very possible that removing it that way wasn't the best idea: https://www.reddit.com/r/fortinet/comments/krpph5/fortideviceguardsys/ - I also installed it using FortiEMS which I'm seeing plenty of other reports about it breaking USB Devices: https://www.reddit.com/r/fortinet/comments/je3gq0/forticlient_ems_blocking_all_usb_devices/

Then, of course, reformat/reinstall removed that. Never reinstalled it (yet). Maybe I'll take a System Restore point and try and install it in the morning, see if I can re-create the issue. 

If this does end up having something to do with it, who knows how many other applications out there are doing similar things.

E: Just further mind-dump. I'm guessing the issue here would be cert related. Asus cert service and FortiDeviceGuard are probably acting as their own root cert authorities, issuing out certs to attached devices. This would make sense in the realm of ASUS as it would be 'authorizing' valid (cert'd) devices to operate at the system level. This would also make sense for FortiDeviceGuard as it would be protecting the system from unauthorized devices. Inverse of Asus, but a similar function, and one that's possibly messing with the Skip. 

Another wild theory - anyone with issues have Bitlocker enabled / enforced on their PC?

Edited by dnalloheoj
Link to comment
Share on other sites

11 hours ago, jason said:

Major thanks to @Agustin

Okay, FInd our Same 20A0 device under HID-compliant Vendor-Defined Device.

Go to the details tab. Go to `Physical Device Object Name`image.png

Now open up the process explorer application. Search for your `value` you have for above, here is mine in the screenshot:

image.png

What is the process? If it says non-existent, go to run->resmon

Sort by PID, and find the match!

image.png

 

I just uninstalled Asus Armoury Crate with the official uninstaller from Asus and restarted my PC, then went through this same process. I'm uploading the screen recordings of the "USB Input Device Properties" and "HID-compliant vendor-defined device Properties" windows.

I'm running into the same roadblock with Process Explorer, though. No results for the Physical Device Object name from either the USB or HID windows for the 20A0 device. No results when I just search "20A0" (without the quotes) either.

Also, just like for @theboomr, the Physical Device Object name in the "HID-compliant vendor-defined device Properties" window is increasing by 1 digit each time I plug it back in. It was "000000e3" when I first looked at it tonight, then it was "000000e5" during the screen recording, and now it's "000000e7".

I made sure I was looking at the correct 20A0 device as well, because it only appears when the Skip 1s is plugged in. In my case, its Hardware ID is VID\20A0&PID_0008&REV_0200.

 

P.S. In case this matters, there are actually two other 20A0 devices in the list which aren't the Skip 1s.

For both of them, the "Bus reported device description" says "flirc" (so they're apparently both for the Flirc USB for some reason).

The 1st one's Hardware ID is VID_20A0&PID_0006&REV_0200&MI_01

The 2nd one's Hardware ID is VID_20A0&PID_0006&REV_0200&MI_02

There might be two listings for the Flirc USB because I normally have it plugged into a USB hub connected to a rear USB port, but right now I have it plugged into my PC's front USB header. At least, that's the only explanation I can think of.

(I don't know if this matters at all, but all of the 20A0 devices list the value "steamxbox" in the "Class lower filters" property and one of the other alphabet soup properties. I haven't had Steam running during any of this process tonight. It isn't set to start with Windows.)

 

P.P.S. In case it needs to be stated, after uninstalling Armoury Crate, the Skip 1s is still not connecting when running Skip App 0.9.4. It does the same thing it did before - flashing as though it's connected for a split second before returning to "Remote is not connected" and "Offline".

Edited by AeroCluster
Confirming that uninstalling Armoury Crate did not fix the issue.
Link to comment
Share on other sites

@AeroCluster thanks for testing. Interesting findings here.

I'm just finishing up running a System Restore on my computer after installing ASUS Crate Full Installer which indeed did result in my errors re-appearing. I didn't take a bunch of screenshots this time around, but everything I was seeing in event viewer and device manager was pretty similar to when everything was working and I posted snips a couple days back. 

(I do have an ASUS Motherboard installed on this PC - though none of the software, until now.
Model: SABERTOOTH 990FX R3.0 AM3+)

Should be noted though, that I installed EVERY component (E: to clarify this - every component, but not every device for each component). There was like what, 100 of them? So.. figuring out which one it is exactly... Yeah sounds "fun". But probably not entirely necessary, seeing as most of them were specific devices IIRC.

Testing with Forticlient next assuming this restore finishes up before I have to get to work, usually is only 5-10 minutes, already 5-10 minutes past that though. WFH today though so can monitor throughout the day.

What I was kind of afraid of is that the ASUS stuff isn't going to uninstall nicely, same with FortiClient. Uninstalling that, and removing the devices that it added from Device Manager did not clear up my issue, either. Only when I reformatted and reinstalled it did. Lot happens when that occurs though, so not even saying that ASUS is the culprit, despite the timing of it appearing when I installed that. But .. possibly that it's making changes to other system files that don't get neatly reverted upon uninstall.

We'll see if I can get it to reappear with Forticlient and continue digging. 

Edit: Shit, forgot to test the custom apps before restoring. D'oh.

Random additional note, my desktop was not yet on 22H2 prior to reformat/reinstall, but is now. That was partly the reason for the reinstall, but prompted by a drive cloning process going wonky. Only adding that to say this isn't specific to 22H2. 

E2: Not going through the full install on this second PC, but noticing as soon as you start up the installer, it starts registering PIDs to an ASUS service. 

@jason Curious, and maybe you don't want to share this info for any number of reasons, but roughly how many remotes have been sent out? We've got 5-10 people in here with an issue, but was the first run sent out, idk, 1000 devices? Just trying to get an idea of how wide or narrow the scope of the issue is. Like, if 1000 devices are out there but only the handful of issues are being reported here, and we're all finding a certain ASUS software installed, no, it might not be the actual culprit, but it's definitely a trend. 

Who knows, maybe it's something with the hardware itself - like I said, I didn't have that software installed prior, but was seeing the issue, and clearly we've all got ASUS components, at the very least. Are we all running ASUS Mobo's? TBD, but we'll see. 

Just to also clarify for funsies here. Software that's intercepting and issuing out it's own certs is essentially a rootkit. It's taking control over authorization of your computer without your control/consent (I mean, I guess by installing it you consented, but whatever), at the system level.

Edited by dnalloheoj
Link to comment
Share on other sites

Uninstalled. Still broken.

Suspicions all but confirmed here. This thing took about 45 minutes to install, yet the uninstaller removed it in all but <2 minutes? No way.

Pop open regedit, CTRL+F "ASUS" keep hitting F3, look at em all. Everywhere. And guess what the very first one that pops up is? AsusCertService. That uninstaller doesn't clean up shit.

image.thumb.png.7b8a609fd8f9f084066edbaf35a3f47f.png

I really don't know if this is going to be possible without an actual reinstall. That is messy. fucking. software.

@jason was half-joking. But seriously. Burn it with fire.

E: aaaaand now synology photobackup fucked up my restore point, lmao, darn. 

E2: Nevermind, synology was just holding it up. Got the restore to go through. Guess what still didn't get removed? Fuckin' Asus' wild regedits. 

  I repeat:

14 hours ago, dnalloheoj said:

asuscertservice.exe - Personally, I don't like that one bit. 

Get rid of it.


Except apparently, you can't. 

So here's the question - does anyone here, who is having issues, use a computer where ASUS Crate, or Forticlient has NEVER been installed?

Edited by dnalloheoj
Link to comment
Share on other sites

2 hours ago, dnalloheoj said:

Uninstalled. Still broken.

Suspicions all but confirmed here. This thing took about 45 minutes to install, yet the uninstaller removed it in all but <2 minutes? No way.

Pop open regedit, CTRL+F "ASUS" keep hitting F3, look at em all. Everywhere. And guess what the very first one that pops up is? AsusCertService. That uninstaller doesn't clean up shit.

image.thumb.png.7b8a609fd8f9f084066edbaf35a3f47f.png

I really don't know if this is going to be possible without an actual reinstall. That is messy. fucking. software.

@jason was half-joking. But seriously. Burn it with fire.

E: aaaaand now synology photobackup fucked up my restore point, lmao, darn. 

E2: Nevermind, synology was just holding it up. Got the restore to go through. Guess what still didn't get removed? Fuckin' Asus' wild regedits. 

  I repeat:


Except apparently, you can't. 

So here's the question - does anyone here, who is having issues, use a computer where ASUS Crate, or Forticlient has NEVER been installed?

I’m a bit confused. Have you narrowed it down to these two pieces of software? Honestly I can solve this if you put a machine in front of me. It’s just a matter of trial and error. Maybe changing my HID report to confuse windows and not claim my device. Or figure out how to write a custom driver that just tells windows and other programs to fuck off. But I still don’t know if this is the problem. 

I've shipped 300. There are others who wrote in not participating here, but only a few. Of all shipped, some people had macs. I stopped shipping when this started as it became clear it was a problem. 

Link to comment
Share on other sites

I wouldn't say that I've narrowed it down specifically to these two pieces of software, no, but I think whatever both of these programs do, is what the issue is. And my guess is cert related tbh. So the question 'Anyone with issues that DOESNT have this' is an attempt to see what other software pops up, check into how it behaves, and see if we have similar rootkit-type behavior.

A Mac reporting in doesn't surprise me one bit, for essentially the same reasons. Macs are going to be locked down a lot further than a Windows PC natively. "Macs don't get viruses" - Yeah, it's because they have their own rootkit(/AVish thing) already installed. BUT, I would still like to see what other processes would be running on a Mac with the issue, because I'm certain you tested on a Mac without issues, given there's software for it.

I'm available here pretty much all day with a non-working PC sitting right beside me if you want access to it since I'm on my work PC. At this point, looks like I'll need to reinstall Windows again anyway so you're welcome to break anything you want, basically. 

Edited by dnalloheoj
Link to comment
Share on other sites

25 minutes ago, dnalloheoj said:

I wouldn't say that I've narrowed it down specifically to these two pieces of software specifically, no, but I think whatever both of these software do, is what the issue is. And my guess is cert related tbh.

A Mac reporting in doesn't surprise me one bit, for essentially the same reasons. Macs are going to be locked down a lot further than a Windows PC natively. "Macs don't get viruses" - Yeah, it's because they have their own rootkit(/AVish thing) already installed.

I'm available here pretty much all day with a non-working PC sitting right beside me if you want access to it since I'm on my work PC. At this point, looks like I'll need to reinstall Windows again anyway so you're welcome to break anything you want, basically. 

Yeah. Let’s connect with all team viewer. I’ll be at the office in about 45

Link to comment
Share on other sites

@theboomr 

Was just removing my PC from the domain, set up a new local admin account so Jason could test from there, and re-installed the Skip App.

To my surprise, that worked.

Do you or anyone else have time to quick test this? Control Panel -> User Accounts, create a new user, give it Local Administrator rights, logout and login as that user, re-download skip from flirc.tv, test.

Edit: Enough unplugging and plugging back in and it looks like it went back to failing after ~<1s every time. But that's interesting. Maybe worth researching.

Edited by dnalloheoj
Link to comment
Share on other sites

Just now, dnalloheoj said:

@theboomr 

Was just removing my PC from the domain, set up a new local admin account so Jason could test from there, and re-installed the Skip App.

To my surprise, that worked.

Do you or anyone else have time to quick test this? Control Panel -> User Accounts, create a new user, give it Local Administrator rights, logout and login as that user, re-download skip from flirc.tv, test.

Just tried this, but same issue present for me. Note that I haven't uninstalled Armoury Crate/ASUS stuff, so possibly the winning combination is uninstalling that and then creating a new admin account?

  • Thanks 1
Link to comment
Share on other sites

16 minutes ago, dnalloheoj said:

Certainly possible. And yeah see my edit - I was able to get it to come back after enough plug-cycles. 

@AeroCluster may be able to confirm for us that before you try ripping ASUS out though, since he already did.

Does windows event manager show anything suspicious after the new account was created and then when it started to fail?

Link to comment
Share on other sites

4 minutes ago, jason said:

Does windows event manager show anything suspicious after the new account was created and then when it started to fail?

Another idea. Create a new account. Print running processes. Cause it to fail (unplug/plug). Print processes again. Diff

  • Like 1
Link to comment
Share on other sites

2 minutes ago, dnalloheoj said:

Resulted in the same behavior with the second new account - 1s-ish of connectivity, then DC'd. Nothing new and fun in Event Viewer.

Note, yes an absence of ASUS software, but reg keys are still installed.

serviceslist.txt 14.7 kB · 0 downloads Processlist-Flirc2.txt 15.31 kB · 0 downloads

Hang on, could be nothing. When you are on the new user account, you should use the following build: 5276

 

Link to comment
Share on other sites

5276 does appear to stay connected - it tries to update right away but just X'ing out clears that.

Prior tests on this new profile(s) would have been using whatever build is the one linked on the website. 

Trying my damndest to do the weirdest possible unplug/plug-in, always goes back to connected. 

Going to try re-joining domain, see if that "broken" profile works with that build, post-ASUS uninstall.

Edited by dnalloheoj
  • Like 1
Link to comment
Share on other sites

Previously broken profile (Prior to creating two new local admin accounts) works on v5276.

Not quite certain which build it was on prior, unfortunately, but I just logged in, opened it up, and it worked. It prompted for the update, but did so in a manner that I've only now seen twice, this time, and just ~10 minutes ago. Previously any prompts for update were from a more Windows-Store style prompt. 

 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
×
×
  • Create New...