Recent Posts

81

Everything else / Re: Webd, similar to HFS, only 90KB

« Last post by mzw18667 on July 08, 2024, 02:57:24 AM »

I have some bad news, but please don't panic. After testing "Webd", HTTP Web Server (webd.cf/webd), everything seems to be fine (at least, at first sight it works), but when I've analyzed with an "online antivirus" (which does a sandbox analysis), the results were not so good. I've thought it was only a 'false positive', but 24hs later of testing 'Webd', my graphics card suddenly died (nothing really important, since I've tested this on an unimportant PC), but I can't be 100% sure if this was a mere coincidence or not.

After all, according to the sandbox analysis, this software has too many 'Suspicious Indicators', one of them is having driver access ("Contains ability to start/interact with device drivers"). So, I wouldn't take the chance of run this again (at least not directly on hardware, but using a 'Virtual Machine'). The lesson was learned. I always try to trust the programmer behind a software, but when things go wrong (for whatever reason), this trust is lost, and then it's very hard to recover.

I'm commenting this to the rest of the forum community, to make you all aware about the possible consequences of running this software, and how it was my personal experience with it (only as an informational note). Please don't take this as a final verdict about 'Webd'. Anyone is free to do what think it's best, but I can't recommend this software to anyone, unless you take the risks. The report generated by "Falcon Sandbox" @ Hybrid Analysis, says:

"Malicious"
Threat Score: 50/100
AV Detection: Marked as clean
(See the complete report here)

Since antivirus detection "marked it as clean", you have the final choice to run it or not, and determine if it's really safe to run. That's why I always prefer 'open source' apps, to be able to analyze the software activity directly from the source code (in case it's needed). Well, that's it. I hope you don't get angry with me for saying this. I always try to be friendly and help others (I have a long history on this forum), that's why I must leave this warning notice.

Stay safe,
Leo.-

Sorry to hear that about your graphics card.
https://www.virustotal.com/gui/file/32d318da5b85b008da8ffae746c777b3f2b22a1ec5c090b4684592ae9775af75
virustotal has 1 of 64 security vendor  flagged webd.exe  as malicious, and I don't know why,
About the "driver access",  one possible reason is  the calling WSAIoctl()  and ioctlsocket().

And webd.exe can run unprivileged. Did you run it unprivileged? If you did. I don't think it has much to do with your  suddenly died graphics card.
Why would I do that. As I said earlier, since webd is quite tiny. You can totally decompilation it, there are many tools to do that.

After many days of advertising/posting about webd at all kinds of website,  user growth is very little,  I think I won't give much time on apps like webd any more, It not worth it.

I don't known why webd is very popular only in my native language world, there pages result:
https://www.google.com/search?q=%22webd%22+%E7%BD%91%E7%9B%98
But it not work in english internet.

82

Everything else / Re: Webd, similar to HFS, only 90KB

« Last post by LeoNeeson on July 08, 2024, 01:28:36 AM »

I will test Webd this weekend.

I have some bad news, but please don't panic. After testing "Webd", HTTP Web Server (webd.cf/webd), everything seems to be fine (at least, at first sight it works), but when I've analyzed with an "online antivirus" (which does a sandbox analysis), the results were not so good. I've thought it was only a 'false positive', but 24hs later of testing 'Webd', my graphics card suddenly died (nothing really important, since I've tested this on an unimportant PC), but I can't be 100% sure if this was a mere coincidence or not.

After all, according to the sandbox analysis, this software has too many 'Suspicious Indicators', one of them is having driver access ("Contains ability to start/interact with device drivers"). So, I wouldn't take the chance of run this again (at least not directly on hardware, but using a 'Virtual Machine'). The lesson was learned. I always try to trust the programmer behind a software, but when things go wrong (for whatever reason), this trust is lost, and then it's very hard to recover.

I'm commenting this to the rest of the forum community, to make you all aware about the possible consequences of running this software, and how it was my personal experience with it (only as an informational note). Please don't take this as a final verdict about 'Webd'. Anyone is free to do what think it's best, but I can't recommend this software to anyone, unless you take the risks. The report generated by "Falcon Sandbox" @ Hybrid Analysis, says:

"Malicious"
Threat Score: 50/100
AV Detection: Marked as clean
(See the complete report here)

Since antivirus detection "marked it as clean", you have the final choice to run it or not, and determine if it's really safe to run. That's why I always prefer 'open source' apps, to be able to analyze the software activity directly from the source code (in case it's needed). Well, that's it. I hope you don't get angry with me for saying this. I always try to be friendly and help others (I have a long history on this forum), that's why I must leave this warning notice.

Stay safe,
Leo.-

83

Everything else / Re: Webd, similar to HFS, only 90KB

« Last post by LeoNeeson on July 06, 2024, 10:36:24 AM »

I think you're curious for what I'm using to build the whole bunch of binaries for all kinds of platforms.

Yes, my curiosity was because it was multi-platform. Now I see that you have put a lot of dedication and work into compiling your software for multiple platforms, congratulations. That's the good thing of writing applications in C language: portability (being a platform-independent language). I will test Webd this weekend.

84

Everything else / Re: Webd, similar to HFS, only 90KB

« Last post by mzw18667 on July 05, 2024, 02:13:02 AM »

Since there are plenty of C compilers available online (GCC, TCC, MinGW, LLVM, Clang, etc), would you please leave a download link for the C compiler you use to compile WebD?.

I think you're curious for what I'm using to build the whole bunch of binaries for all kinds of platforms.
They are all built by gcc.
For windows, it's  gcc version 8.1.0 (i686-win32-dwarf-rev0, Built by MinGW-W64 project)
For linux, it's gcc 14.1.0 (I'm using "Linux From Scratch").
For OpenWRT, it's openwrt-sdk or just openwrt-toolchain:
https://downloads.openwrt.org/releases/23.05.3/targets/ath79/tiny/openwrt-sdk-23.05.3-ath79-tiny_gcc-12.3.0_musl.Linux-x86_64.tar.xz
https://downloads.openwrt.org/releases/23.05.3/targets/ath79/tiny/openwrt-toolchain-23.05.3-ath79-tiny_gcc-12.3.0_musl.Linux-x86_64.tar.xz

There are some other toolchains built by crosstool-ng https://crosstool-ng.github.io/ , such as
mipsel-linux-uclibc
armv7-linux-gnueabihf
armv7-linux-androideabi
arm-linux-gnueabihf
aarch64-linux-gnu
aarch64-linux-android
x86_64-linux-musl

85

Everything else / Re: Webd, similar to HFS, only 90KB

« Last post by LeoNeeson on July 04, 2024, 10:20:44 PM »

This is what ChatGPT said about webd

The description is perfect (it was a good idea using ChatGPT).

All compiled using a single Makefile

Since there are plenty of C compilers available online (GCC, TCC, MinGW, LLVM, Clang, etc), would you please leave a download link for the C compiler you use to compile WebD?. I'm just asking out of curiosity, to learn new things (I'm not afraid of visiting websites in other languages, since I can use a translator).

By doing this, you will soon be able to post direct links on the forum.

86

Everything else / Re: Webd, similar to HFS, only 90KB

« Last post by mzw18667 on July 04, 2024, 03:10:50 AM »

I hope the advertisements goes well for you, I wish you success. If at any point you decide to abandon or discontinue developing the software, keep in mind to open source it, so that someone else can continue improving it.

Thanks. I'm unemployed now. I hope the ads may do a little help.
I will opensource it in that situation.

It sounds very interesting, I hope it's also lightweight.

I think every apps I make will be lightweight.

87

Everything else / Re: Webd, similar to HFS, only 90KB

« Last post by LeoNeeson on July 03, 2024, 04:58:46 AM »

Thanks a lot for telling me all that.

You welcome.

I'm not sure whether to open source it. Currently, at the bottom of the file list on the web interface, there might be an inconspicuous line of text advertising or other information. If it's open-sourced, this will definitely be recompiled and removed, or even changed to someone else's advertisement and redistributed.

That's understandable. I hope the advertisements goes well for you, I wish you success. If at any point you decide to abandon or discontinue developing the software, keep in mind to open source it, so that someone else can continue improving it. Anyway, in this part of the world where I live (as you say the "english-speaking world"), most people here are very lazy, so even they having the source code, will do nothing. For example, HFS (this forum is about that software), is open source and almost -nobody- collaborates contributing with enhancements.

I am considering applying the TLS/1.3 code to a new project, such as a chat server similar to webd, because using WebRTC for audio and video calls requires HTTPS support.

It sounds very interesting, I hope it's also lightweight.

88

Everything else / Re: Webd, similar to HFS, only 90KB

« Last post by mzw18667 on July 01, 2024, 03:44:36 AM »

Hi!, thanks for sharing this. I haven't tested (since don't have enough free time right now), but it seems nice by looking the screenshots. You are lucky that I'm active on this forum to leave you a reply. If it's your app, you must know it takes some time a software to get popular and gain trust ("Webd" seems to be a relative new freeware). To my own taste, I always prefer 'Open Source' software, since to run a closed software server, there are many alternatives. If "Webd" gets open source, I'm sure popularity will surely increase. Suggestions: besides running on multiple platforms, the website doesn't say which is the minimum Windows version required (that something useful to know), and it has a typo in the title, since "shareing" is not an English word (it should be "sharing"). It would be cool if support for SSL/HTTPS is added, although file size will be bigger.

Thanks a lot for telling me all that.
Webd is popular in my native language world, it's new to english-speaking world.

Since webd's size quite small, it's not difficult to disassemble and analyze.
I didn't do extra work to protect it from disassembling.
On linux, people can use 'strace' to analyze it's behavior easily.

My codebase consists of multiple programs mixed together, divided into different directories, and interdependent, all compiled using a single Makefile.
Extracting the webd code may require a significant amount of work.

I'm not sure whether to open source it. Currently, at the bottom of the file list on the web interface, there might be an inconspicuous line of text advertising or other information. If it's open-sourced, this will definitely be recompiled and removed, or even changed to someone else's advertisement and redistributed.

Webd requires Windows 7 as minimum Windows version.

The typo has been fixed, thanks again.

I have finished the code for TLS/1.3 support(without 3rd lib). However, it cannot be smoothly integrated with the existing webd code architecture.
I am considering applying the TLS/1.3 code to a new project, such as a chat server similar to webd, because using WebRTC for audio and video calls requires HTTPS support.
For now, webd can be used with a nginx proxy to enable HTTPS.  I knew some people even use it with cloudflare.

89

Everything else / Re: Webd, similar to HFS, only 90KB

« Last post by LeoNeeson on June 30, 2024, 04:04:36 AM »

No one interested?

Hi!, thanks for sharing this. I haven't tested (since don't have enough free time right now), but it seems nice by looking the screenshots. You are lucky that I'm active on this forum to leave you a reply. If it's your app, you must know it takes some time a software to get popular and gain trust ("Webd" seems to be a relative new freeware). To my own taste, I always prefer 'Open Source' software, since to run a closed software server, there are many alternatives. If "Webd" gets open source, I'm sure popularity will surely increase. Suggestions: besides running on multiple platforms, the website doesn't say which is the minimum Windows version required (that something useful to know), and it has a typo in the title, since "shareing" is not an English word (it should be "sharing"). It would be cool if support for SSL/HTTPS is added, although file size will be bigger.

90

Everything else / Re: Webd, similar to HFS, only 90KB

« Last post by mzw18667 on June 30, 2024, 12:18:55 AM »

No one interested?
I think it's amazing that such a small piece of software can achieve so much, even though it doesn't have a GUI, only a tray icon.