vcsjones / authenticodelint
Lints an authenticode signed binary.
License: MIT License
Counter signatures are their own type because the .NET type SignerInfo is sealed and non-extendable.
Replace the usage of SignerInfo with our own signer info type and unify it with counter signatures so everything is just "a signature".
Authenticode doesn't even notice something's wrong, nor does authenticode lint. Setting EnableCertPaddingCheck does nothing, as expected.
Incidentally, I find it hilarious from this thread https://developercommunity.visualstudio.com/t/add-linker-option-to-strip-rich-stamp-from-exe-hea/740443 that MS doesn't seem to know this would work.
`authlint.exe foo.exe` displays an exception instead of showing help.
Create a rule that validates that the information URL, if one exists, uses the HTTPS scheme.
Not being able to retrieve the certificate for counter signatures prevents examining the certificate quality on counter signatures.
There should be one (or possibly more) rules for checking that a signature has a time stamp countersigner.
Some of the checks will be rather complicated. Simply returning Pass / Fail does not give the user a good idea of why a check failed in cases where signatures are checked individually rather than looked at as a whole, such as time stamps.
Currently, per-signature based checks "pass" when the binary is not Authenticode signed at all since there are no signatures to inspect.
The CheckEngine should just auto-fail every check without running them.
Figure out a way to test this.
An implementation of `IRuleResultCollector` should be created that creates an XML document. If the `-report` parameter is part of the command line arguments, the XML result collector should be added to the list of running collectors and written to the location that `-report` specifies.
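As an added example (not authenticodelint's own code) serving both the auto-fail point above and the XML result collector: the `IRule` / `IRuleResultCollector` shapes, the rule name, the XML element names and the in-memory CMS input are all assumptions, and it targets .NET 6 or later. A file with zero signatures fails every per-signature rule instead of vacuously passing, and the collector writes one `<file>` element per linted file.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Xml;

// Hypothetical shapes; the real authenticodelint interfaces may differ.
enum RuleResult { Pass, Fail }
record RuleReport(string Rule, RuleResult Result, string Detail);

interface IRule { string Name { get; } RuleReport Check(SignerInfo signer); }

interface IRuleResultCollector
{
    void BeginFile(string path);
    void Collect(RuleReport report);
    void EndFile();
}

// Emits <lint><file path="..."><rule name="..." result="...">detail</rule>...</file></lint>.
sealed class XmlResultCollector : IRuleResultCollector, IDisposable
{
    readonly XmlWriter _w;

    public XmlResultCollector(Stream output)
    {
        _w = XmlWriter.Create(output, new XmlWriterSettings { Indent = true, CloseOutput = false });
        _w.WriteStartDocument();
        _w.WriteStartElement("lint");
    }

    public void BeginFile(string path) { _w.WriteStartElement("file"); _w.WriteAttributeString("path", path); }

    public void Collect(RuleReport r)
    {
        _w.WriteStartElement("rule");
        _w.WriteAttributeString("name", r.Rule);
        _w.WriteAttributeString("result", r.Result.ToString());
        _w.WriteString(r.Detail);
        _w.WriteEndElement();
    }

    public void EndFile() => _w.WriteEndElement();

    public void Dispose() { _w.WriteEndElement(); _w.WriteEndDocument(); _w.Dispose(); }
}

// A per-signature rule: the signature's digest algorithm must be SHA-256 or stronger.
sealed class StrongDigestRule : IRule
{
    // SHA-256, SHA-384, SHA-512
    static readonly HashSet<string> Strong = new() { "2.16.840.1.101.3.4.2.1", "2.16.840.1.101.3.4.2.2", "2.16.840.1.101.3.4.2.3" };

    public string Name => "strong-file-digest";

    public RuleReport Check(SignerInfo signer)
    {
        string oid = signer.DigestAlgorithm.Value ?? "";
        return new(Name, Strong.Contains(oid) ? RuleResult.Pass : RuleResult.Fail, "digest algorithm " + oid);
    }
}

static class CheckEngine
{
    // Exit code 0 when every rule passed for every signer, 1 otherwise. A file with no
    // signatures at all fails every per-signature rule instead of passing by default.
    public static int Run(string path, IReadOnlyList<SignerInfo> signers, IEnumerable<IRule> rules,
                          IReadOnlyList<IRuleResultCollector> collectors)
    {
        foreach (var c in collectors) c.BeginFile(path);
        bool failed = false;
        foreach (var rule in rules)
        {
            RuleReport[] reports = signers.Count == 0
                ? new[] { new RuleReport(rule.Name, RuleResult.Fail, "file is not Authenticode signed") }
                : signers.Select(rule.Check).ToArray();
            foreach (var r in reports)
            {
                failed |= r.Result == RuleResult.Fail;
                foreach (var c in collectors) c.Collect(r);
            }
        }
        foreach (var c in collectors) c.EndFile();
        return failed ? 1 : 0;
    }
}

static class Program
{
    static void Main()
    {
        // Constructed input: a CMS SignedData built in memory with a throwaway self-signed
        // certificate stands in for the PKCS#7 blob a PE's security directory would carry.
        using var key = RSA.Create(2048);
        var req = new CertificateRequest("CN=lint demo", key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using var cert = req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(1));
        var cms = new SignedCms(new ContentInfo(new byte[] { 1, 2, 3 }), detached: false);
        cms.ComputeSignature(new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, cert, key)); // SHA-256 digest by default on .NET 6
        var signers = cms.SignerInfos.Cast<SignerInfo>().ToList();

        var rules = new IRule[] { new StrongDigestRule() };
        using var report = new MemoryStream();
        int signedExit, unsignedExit;
        using (var xml = new XmlResultCollector(report))
        {
            signedExit = CheckEngine.Run("signed.exe", signers, rules, new[] { xml });
            unsignedExit = CheckEngine.Run("unsigned.exe", Array.Empty<SignerInfo>(), rules, new[] { xml });
        }
        Console.WriteLine(Encoding.UTF8.GetString(report.ToArray()));
        Console.WriteLine($"exit codes: signed={signedExit}, unsigned={unsignedExit}");
    }
}
```

The signed case exits 0 and the unsigned case exits 1, and the report shows the `unsigned.exe` rule marked `Fail` with the reason, which is the behaviour the two issues ask for. Wiring `-report` would amount to opening a `FileStream` at the given path and adding the collector to the list passed to `Run`.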
Since C# supports deterministic builds now, we should enable that.
We should go through subject interface packages to determine signature content.
If `-in` is specified more than once, currently the last one "wins". The desirable thing to do here is to just check all `-in` options.
This impacts two things. The exit code and the result collectors.
For the result collectors, the result collectors need to know what file they are currently collecting on.
For the exit code, the resulting code should be a safe aggregate. That is, return Success if all files succeed, and return ChecksFailed if any checks failed for any file. The outlier here is what to do with the NoSignature exit code. To simplify, this exit code should be removed. NoSignature will be treated as ChecksFailed.
I'm in the process of adding Authenticode signing to Polly (App-vNext/Polly#1269) and I'd like to add a step to the workflow to validate things worked correctly.
This tool looks good for the job, but the current version in NuGet targets .NET Core 2.1. Could you publish the latest version targeting .NET 6 to NuGet.org please?
If not, I can just look to compile it from source and run it inline instead, but just installing the global tool would be easier 😃
The core inspection functionality in here was moved to https://github.com/vcsjones/AuthenticodeExaminer. Instead of duped code, we should take a dependency on that package.
Catalog files allow placing the authenticode signature outside of the file itself. Currently, the linter has no way of knowing where the catalog file is or validating a file against the catalog.
Catalogs are commonly used for driver packages and many of Windows' own components.
Use `WinVerifyTrustEx` to do an end-to-end validation of all signatures.
A command line option should be considered for how revocation checking should be performed, something like `-revocationchecktype` with possible values of "Online", "Offline", "None". Online will be the default, for now.
Online: pass `WTD_REVOCATION_CHECK_CHAIN` to `WinVerifyTrustEx`.
None: pass `WTD_REVOCATION_CHECK_NONE` to `WinVerifyTrustEx`.
Offline: pass `WTD_CACHE_ONLY_URL_RETRIEVAL | WTD_REVOCATION_CHECK_CHAIN` to `WinVerifyTrustEx`.
`-in` should accept wild cards. For example, `-in "C:\path*.exe"`. This will result in all files that match the pattern being linted.
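The `WinVerifyTrustEx` issue above, as an added example that is not authenticodelint's code: a P/Invoke wrapper that maps the proposed `-revocationchecktype` values onto the `dwProvFlags` listed there. The `RevocationCheckType` enum, the `Verify` method and the `TrustVerifier` class name are assumptions; the structure layouts, flag values and action GUID are the ones in `wintrust.h`. It is Windows-only and targets .NET 5 or later.

```csharp
using System;
using System.Runtime.InteropServices;

// Hypothetical option shape; the real authenticodelint CLI may differ.
enum RevocationCheckType { Online, Offline, None }

static class TrustVerifier
{
    // WINTRUST_ACTION_GENERIC_VERIFY_V2: the Authenticode policy provider.
    static readonly Guid ActionGenericVerifyV2 = new("00AAC56B-CD44-11d0-8CC2-00C04FC295EE");

    const uint WTD_UI_NONE = 2;
    const uint WTD_REVOKE_NONE = 0, WTD_REVOKE_WHOLECHAIN = 1;
    const uint WTD_CHOICE_FILE = 1;
    const uint WTD_STATEACTION_VERIFY = 1, WTD_STATEACTION_CLOSE = 2;
    // dwProvFlags values from wintrust.h
    const uint WTD_REVOCATION_CHECK_NONE = 0x00000010;
    const uint WTD_REVOCATION_CHECK_CHAIN = 0x00000040;
    const uint WTD_CACHE_ONLY_URL_RETRIEVAL = 0x00001000;

    [StructLayout(LayoutKind.Sequential)]
    struct WINTRUST_FILE_INFO
    {
        public uint cbStruct;
        [MarshalAs(UnmanagedType.LPWStr)] public string pcwszFilePath;
        public IntPtr hFile;
        public IntPtr pgKnownSubject;
    }

    [StructLayout(LayoutKind.Sequential)]
    struct WINTRUST_DATA
    {
        public uint cbStruct;
        public IntPtr pPolicyCallbackData, pSIPClientData;
        public uint dwUIChoice, fdwRevocationChecks, dwUnionChoice;
        public IntPtr pFile;                      // WINTRUST_FILE_INFO*
        public uint dwStateAction;
        public IntPtr hWVTStateData, pwszURLReference;
        public uint dwProvFlags, dwUIContext;
        public IntPtr pSignatureSettings;         // Windows 8+ field, left null here
    }

    [DllImport("wintrust.dll", ExactSpelling = true)]
    static extern int WinVerifyTrustEx(IntPtr hwnd, ref Guid pgActionID, ref WINTRUST_DATA pWinTrustData);

    // Maps the proposed -revocationchecktype values onto dwProvFlags.
    static uint ProvFlags(RevocationCheckType t) => t switch
    {
        RevocationCheckType.Online => WTD_REVOCATION_CHECK_CHAIN,
        RevocationCheckType.Offline => WTD_CACHE_ONLY_URL_RETRIEVAL | WTD_REVOCATION_CHECK_CHAIN,
        RevocationCheckType.None => WTD_REVOCATION_CHECK_NONE,
        _ => throw new ArgumentOutOfRangeException(nameof(t)),
    };

    // Returns the HRESULT from WinVerifyTrustEx: 0 means every embedded signature verified
    // under the requested revocation policy; anything else is the first failure.
    public static int Verify(string path, RevocationCheckType revocation)
    {
        var fileInfo = new WINTRUST_FILE_INFO { cbStruct = (uint)Marshal.SizeOf<WINTRUST_FILE_INFO>(), pcwszFilePath = path };
        IntPtr pFileInfo = Marshal.AllocHGlobal(Marshal.SizeOf<WINTRUST_FILE_INFO>());
        Marshal.StructureToPtr(fileInfo, pFileInfo, false);
        var data = new WINTRUST_DATA
        {
            cbStruct = (uint)Marshal.SizeOf<WINTRUST_DATA>(),
            dwUIChoice = WTD_UI_NONE,
            fdwRevocationChecks = revocation == RevocationCheckType.None ? WTD_REVOKE_NONE : WTD_REVOKE_WHOLECHAIN,
            dwUnionChoice = WTD_CHOICE_FILE,
            pFile = pFileInfo,
            dwStateAction = WTD_STATEACTION_VERIFY,
            dwProvFlags = ProvFlags(revocation),
        };
        Guid action = ActionGenericVerifyV2;
        try
        {
            int hr = WinVerifyTrustEx(IntPtr.Zero, ref action, ref data);
            // Always release hWVTStateData, whatever the verification result was.
            data.dwStateAction = WTD_STATEACTION_CLOSE;
            WinVerifyTrustEx(IntPtr.Zero, ref action, ref data);
            return hr;
        }
        finally
        {
            Marshal.DestroyStructure<WINTRUST_FILE_INFO>(pFileInfo); // frees the marshalled path string
            Marshal.FreeHGlobal(pFileInfo);
        }
    }

    static string Describe(int hr) => unchecked((uint)hr) switch
    {
        0 => "trusted",
        0x800B0100 => "TRUST_E_NOSIGNATURE",
        0x800B010C => "CERT_E_REVOKED",
        0x800B010E => "CERT_E_REVOCATION_FAILURE",
        0x80092013 => "CRYPT_E_REVOCATION_OFFLINE",
        0x80096010 => "TRUST_E_BAD_DIGEST",
        _ => $"0x{hr:X8}",
    };

    static int Main(string[] args)
    {
        if (args.Length == 0) { Console.Error.WriteLine("usage: TrustVerifier <signed.exe>"); return 2; }
        int exit = 0;
        foreach (RevocationCheckType mode in Enum.GetValues<RevocationCheckType>())
        {
            int hr = Verify(args[0], mode);
            Console.WriteLine($"{mode,-8} -> {Describe(hr)}");
            if (hr != 0) exit = 1;
        }
        return exit;
    }
}
```

Two caveats worth knowing before wiring this into the linter: with `WTD_CACHE_ONLY_URL_RETRIEVAL` the Offline mode never touches the network, so a chain whose CRL or OCSP response is not already in the local cache comes back as `CERT_E_REVOCATION_FAILURE` or `CRYPT_E_REVOCATION_OFFLINE` rather than trusted; and `WTD_CHOICE_FILE` only sees embedded signatures, so a catalog-signed file (the case the catalog issue on this page describes) returns `TRUST_E_NOSIGNATURE` here even though Windows trusts it.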
Print the executable name, the version, copyright, etc in verbose mode.
We need an ARM 32-bit and ARM 64-bit test binary to validate everything works.
Hello,
I am trying to use your tool but it doesn't output anything... I don't know what I'm missing.
Installation seems good (it's in French, but it basically says it's successful).
I do have .Net Core 2.1 to 6 with its SDKs (it's a development machine).
$ dotnet --info
.NET SDK (reflecting any global.json):
Version: 6.0.200
Commit: 4c30de7899
Runtime Environment:
OS Name: Windows
OS Version: 10.0.19044
OS Platform: Windows
RID: win10-x64
Base Path: C:\Program Files\dotnet\sdk\6.0.200\
Host (useful for support):
Version: 6.0.2
Commit: 839cdfb0ec
.NET SDKs installed:
2.1.818 [C:\Program Files\dotnet\sdk]
2.2.207 [C:\Program Files\dotnet\sdk]
3.1.416 [C:\Program Files\dotnet\sdk]
5.0.104 [C:\Program Files\dotnet\sdk]
5.0.203 [C:\Program Files\dotnet\sdk]
5.0.211 [C:\Program Files\dotnet\sdk]
5.0.303 [C:\Program Files\dotnet\sdk]
5.0.403 [C:\Program Files\dotnet\sdk]
5.0.404 [C:\Program Files\dotnet\sdk]
5.0.405 [C:\Program Files\dotnet\sdk]
6.0.200 [C:\Program Files\dotnet\sdk]
.NET runtimes installed:
Microsoft.AspNetCore.All 2.1.22 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All]
Microsoft.AspNetCore.All 2.1.24 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All]
Microsoft.AspNetCore.All 2.1.28 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All]
Microsoft.AspNetCore.All 2.1.30 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All]
Microsoft.AspNetCore.All 2.2.8 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All]
Microsoft.AspNetCore.App 2.1.22 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 2.1.24 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 2.1.28 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 2.1.30 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 2.2.8 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 3.0.3 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 3.1.15 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 3.1.21 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 3.1.22 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 5.0.4 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 5.0.5 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 5.0.6 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 5.0.9 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 5.0.12 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 5.0.13 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 5.0.14 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 6.0.2 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.NETCore.App 2.1.22 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 2.1.24 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 2.1.28 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 2.1.30 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 2.2.8 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 3.0.3 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 3.1.15 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 3.1.21 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 3.1.22 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 5.0.4 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 5.0.5 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 5.0.6 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 5.0.9 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 5.0.12 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 5.0.13 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 5.0.14 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 6.0.2 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.WindowsDesktop.App 3.0.3 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
Microsoft.WindowsDesktop.App 3.1.15 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
Microsoft.WindowsDesktop.App 3.1.21 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
Microsoft.WindowsDesktop.App 3.1.22 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
Microsoft.WindowsDesktop.App 5.0.4 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
Microsoft.WindowsDesktop.App 5.0.5 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
Microsoft.WindowsDesktop.App 5.0.6 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
Microsoft.WindowsDesktop.App 5.0.9 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
Microsoft.WindowsDesktop.App 5.0.12 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
Microsoft.WindowsDesktop.App 5.0.13 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
Microsoft.WindowsDesktop.App 5.0.14 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
Microsoft.WindowsDesktop.App 6.0.2 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
I'm not really sure what to try next. I've looked at previous issues without luck.
Can you help me? Thank you.
Check should look at the key size.
RSA must be >= 2048, ECC >= 256.
Consider upper limit of 4096 for RSA and 384 for ECC in a separate check.
CAB files support authenticode signatures. Ensure checks are compatible, and disable checks that don't make sense.
The digest of the certificate used to sign should be SHA256 or stronger, regardless of the file digest algorithm. Rule:
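The key-size rules and the certificate-signature-digest rule above, as one added example that is not authenticodelint's code: three checks over an `X509Certificate2`, run against throwaway self-signed certificates constructed inline so it executes offline. The rule names, the `RuleReport` shape and the `CertificateRules` class are assumptions; the thresholds are the ones stated in the issues. It targets .NET 5 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical shapes; the real authenticodelint rule types may differ.
enum RuleResult { Pass, Fail }
record RuleReport(string Rule, RuleResult Result, string Detail);

static class CertificateRules
{
    // Signature algorithm OIDs whose digest is SHA-256 or stronger.
    static readonly Dictionary<string, string> StrongSignatureOids = new()
    {
        ["1.2.840.113549.1.1.11"] = "sha256WithRSAEncryption",
        ["1.2.840.113549.1.1.12"] = "sha384WithRSAEncryption",
        ["1.2.840.113549.1.1.13"] = "sha512WithRSAEncryption",
        ["1.2.840.10045.4.3.2"] = "ecdsa-with-SHA256",
        ["1.2.840.10045.4.3.3"] = "ecdsa-with-SHA384",
        ["1.2.840.10045.4.3.4"] = "ecdsa-with-SHA512",
    };

    // Minimum sizes from the issue: RSA >= 2048 bits, ECC >= 256 bits.
    public static RuleReport MinimumKeySize(X509Certificate2 cert)
    {
        var (kind, bits) = PublicKeyInfo(cert);
        int min = kind switch { "RSA" => 2048, "ECC" => 256, _ => int.MaxValue };
        return new("minimum-key-size", bits >= min ? RuleResult.Pass : RuleResult.Fail, $"{kind} {bits}-bit, minimum {min}");
    }

    // Separate rule for the proposed upper bounds: RSA <= 4096, ECC <= 384.
    public static RuleReport MaximumKeySize(X509Certificate2 cert)
    {
        var (kind, bits) = PublicKeyInfo(cert);
        int max = kind switch { "RSA" => 4096, "ECC" => 384, _ => -1 };
        return new("maximum-key-size", bits <= max ? RuleResult.Pass : RuleResult.Fail, $"{kind} {bits}-bit, maximum {max}");
    }

    // The digest used to sign the certificate must be SHA-256 or stronger, independent of the
    // file digest. RSASSA-PSS (1.2.840.113549.1.1.10) carries its hash in the algorithm
    // parameters, which this lookup does not parse, so it fails closed with a note.
    public static RuleReport CertificateSignatureDigest(X509Certificate2 cert)
    {
        string oid = cert.SignatureAlgorithm.Value ?? "";
        if (StrongSignatureOids.TryGetValue(oid, out var name))
            return new("certificate-signature-digest", RuleResult.Pass, name);
        string detail = oid == "1.2.840.113549.1.1.10" ? "RSASSA-PSS: inspect parameters" : cert.SignatureAlgorithm.FriendlyName ?? oid;
        return new("certificate-signature-digest", RuleResult.Fail, detail);
    }

    static (string Kind, int Bits) PublicKeyInfo(X509Certificate2 cert)
    {
        using var rsa = cert.GetRSAPublicKey();
        if (rsa != null) return ("RSA", rsa.KeySize);
        using var ecdsa = cert.GetECDsaPublicKey();
        if (ecdsa != null) return ("ECC", ecdsa.KeySize);
        return ("unsupported:" + cert.PublicKey.Oid.Value, 0); // e.g. DSA: fails both size rules
    }
}

static class Program
{
    // Constructed inputs: throwaway self-signed certificates, one per edge the rules cover.
    static X509Certificate2 Rsa(string cn, int bits, HashAlgorithmName hash)
    {
        using var key = RSA.Create(bits);
        var req = new CertificateRequest(cn, key, hash, RSASignaturePadding.Pkcs1);
        return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(1));
    }

    static X509Certificate2 Ecdsa(string cn, ECCurve curve, HashAlgorithmName hash)
    {
        using var key = ECDsa.Create(curve);
        var req = new CertificateRequest(cn, key, hash);
        return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(1));
    }

    static void Main()
    {
        var certs = new[]
        {
            Rsa("CN=rsa-1024-sha256", 1024, HashAlgorithmName.SHA256),                            // undersized RSA key
            Rsa("CN=rsa-2048-sha1", 2048, HashAlgorithmName.SHA1),                                // SHA-1 certificate signature
            Ecdsa("CN=p256-sha256", ECCurve.NamedCurves.nistP256, HashAlgorithmName.SHA256),       // within every bound
            Ecdsa("CN=p521-sha512", ECCurve.NamedCurves.nistP521, HashAlgorithmName.SHA512),       // oversized ECC key
        };
        foreach (var cert in certs)
        {
            Console.WriteLine(cert.Subject);
            var reports = new[] { CertificateRules.MinimumKeySize(cert), CertificateRules.MaximumKeySize(cert), CertificateRules.CertificateSignatureDigest(cert) };
            foreach (var r in reports)
                Console.WriteLine($"  {r.Rule,-30} {r.Result,-5} {r.Detail}");
            cert.Dispose();
        }
    }
}
```

Keeping the upper bound as its own rule, as the issue suggests, lets a user who deliberately signs with RSA-8192 disable only that check without losing the minimum-size check. Note that the key-size rules look at the signing certificate's public key, while the digest rule looks at `SignatureAlgorithm`, i.e. how the issuer signed the certificate; neither inspects the file digest, which is a separate rule.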