[QUOTE=Albert;2774763]Your concerns and questions are very much valid, and I don’t want to have your computer altered beyond what you desire.
We refer to FirmwareHQ because it contains copies of original firmware updates which are no longer accessible on the original manufacturer’s site. Previous references of the site: http://www.myce.com/search/?q=FirmwareHQ
To be quite honest, I’m not sure what you mean by FWHQ looking “unfinished”… Many of the community’s most valuable sites are simple, due to their age, the design style when they were originally released, the fact that most of this was driven by the community – with no reference to outside design firms, and a few other factors. It’s no worse than trying to navigate the official firmware updates sections on most manufacturers’ sites, which have largely remained as basic as the day they were introduced in the early 2000s.
When it comes to each of the tools (and the ways I accessed them), those links are either the original sources or they are an archive of the original source. Meaning no better point of access exists.
For the majority of the content released by the community, providing hash sums up was an afterthought. If the original site doesn’t have it, I can’t recommend a safe location that WOULD have the checksums.
It’s all very much “At your own risk”, but it’s a risk I suggest you take.
You can run the tools through VirusTotal at https://www.virustotal.com … Then reverse search the links I provided in Google to see if any of them trigger an unsafe site warning. That’s about the best I can do help protect your system.
I will say that either NONE or VERY FEW of the tools should cause any writes to the registry, so there should be no crud to remove after the fact. All the tools are standalone.
If you end up needing to put UPX in the same folder as FlashFix, the SourceForge home for it has a version from 2013 (reference http://upx.sourceforge.net here), which might reduce your concern with that particular download. (Again, no hash sum.)[/QUOTE]
After spending more time researching FWHQ - I can say that all my concerns are now laid to rest. I trust it - and it would seem that the MD5 hashes are published, but you have to click in a few steps - till it is visible.
Constructive Contribution: In terms of the programs that are made available for download (tools and such alike) might it be possible for you to send an email shot out to the authors - asking them if they would consider providing MD5’s/SHA1’s of their releases, and then simply update the posts?