September 11, 2018 | ||
---|---|---|
View c6c71ef
Allow x509 certs with v1 TBSCertificate sections in the timestamp chain There are some Windows binaries that have certificates with version 1 TBSCertificate sections. This technically isn't allowed by the spec, but the Windows API still seems to report these are being OKAndrew authored on 2018/09/11 05:27:21 |
September 10, 2018 | ||
---|---|---|
View a26ed93
Fix a bug causing nested signatures to trigger the no-countersignature case In an earlier commit, I mistakenly check for whether a nested signature has been seen when determining whether a countersignature is present instead of checking that the countersignature has been seenAndrew authored on 2018/09/10 23:43:08 |
||
View 5f11b08
Allow for the timestampToken OID in place of pkcs7-data OID in the countersignatureAndrew authored on 2018/09/10 23:41:56 |
September 9, 2018 | ||
---|---|---|
View 72771d9
Allow '0' as a counterSignature versionAndrew authored on 2018/09/09 04:16:18 |
September 7, 2018 | ||
---|---|---|
View cc9381a
Add more support for SHA384/SHA512 I think SHA384/SHA512 hashes are supported in all parts of the authenticode signature nowAndrew authored on 2018/09/07 23:46:26 |
||
View b7f6b61
Allow <hashtype>WithRSAEncryption OIDs when expecting <hashtype> OIDs Some of the signature seem to use the former instead, and it appears to be accepted as legitimate, so allow it.Andrew authored on 2018/09/07 09:59:00 |
September 6, 2018 | ||
---|---|---|
View 1b3395f
Fix bug in how ptrs to file data are used for computing Authenticode hash We used to get a pointer to file data without locking and for some samples this pointer would be invalidated by the time we used it. Now, we just store the offset for the sections that should be hashed as part of the Authenticode hash computation and get the file data pointer right before it's needed.Andrew authored on 2018/09/06 07:50:59 |
September 5, 2018 | ||
---|---|---|
View 352a188
Ignore section information when computing Authenticode sig A more reliable way to calculate the authenticode hash appears to be to hash the header (minus the checksum and security table) and then just hash everything between the end of the header and the start of the security section.Andrew authored on 2018/09/05 12:54:32 |
||
View 490566c
Fix actual authenticode hash computation for header overlap case I'm really not sure why my testing earlier didn't catch that the computed hash was not correct, but this seems to fix it in the UPX caseAndrew authored on 2018/09/05 00:28:20 |
September 3, 2018 | ||
---|---|---|
View 125360a
Add more complete support for SHA384, SHA512 hashesAndrew authored on 2018/09/03 11:07:14 |
September 2, 2018 | ||
---|---|---|
View 0f53ea6
Add support for MD5 and SHA256 hash-based validation of the exe code Also refactors the code a bit to consolidate some duplicate functionalityAndrew authored on 2018/09/02 12:29:45 |
September 1, 2018 | ||
---|---|---|
View 6b9e6a4
Allow the countersignature to exist anywhere in unauthAttrsAndrew authored on 2018/09/01 06:02:51 |
||
View 18aed36
Add support for signatures without unauthAttr section and add more dbg msgsAndrew authored on 2018/09/01 03:02:40 |
August 31, 2018 | ||
---|---|---|
View 63ebd65
Add more support for SHA384-based certificatesAndrew authored on 2018/08/31 06:58:09 |
||
View 89f3be1
Replace tabs with spaces in pe.c and crtmgr.c, move debug messageAndrew authored on 2018/08/31 04:17:37 |