Page hash verification now works

Had it right from the start, but messed up the python script...
2025-04-04 17:00:11 -05:00 · 2013-03-12 20:43:54 +01:00 · 2013-03-12 20:43:54 +01:00 · 9152c925c0
commit 9152c925c0
parent 0494a7ceb1
2 changed files with 70 additions and 17 deletions
--- a/misc/pagehash.py
+++ b/misc/pagehash.py
@ -7,20 +7,20 @@ from pyasn1.type import univ
 from pyasn1.codec.ber import encoder, decoder

 f = open(sys.argv[1], 'rb')
-b = f.read(1024)
-if b[0:2] != 'MZ':
+filehdr = f.read(1024)
+if filehdr[0:2] != 'MZ':
    print "Not a DOS file."
    sys.exit(0)
-pepos = struct.unpack('<I', b[60:64])[0]
-if b[pepos:pepos+4] != 'PE\0\0':
+pepos = struct.unpack('<I', filehdr[60:64])[0]
+if filehdr[pepos:pepos+4] != 'PE\0\0':
    print "Not a PE file."
    sys.exit(0)
 pepos += 4

-nsections = struct.unpack('<H', b[pepos+2:pepos+4])[0]
+nsections = struct.unpack('<H', filehdr[pepos+2:pepos+4])[0]
 print "#sections", nsections

-magic = struct.unpack('<H', b[pepos+20:pepos+22])[0]
+magic = struct.unpack('<H', filehdr[pepos+20:pepos+22])[0]
 pe32plus = 0
 if magic == 0x20b:
    pe32plus = 1
@ -30,24 +30,24 @@ else:
    print "Unknown magic", magic
    sys.exit(0)

-sectoralign = struct.unpack('<I', b[pepos+52:pepos+56])[0]
+sectoralign = struct.unpack('<I', filehdr[pepos+52:pepos+56])[0]
 print "Sector alignment", sectoralign

 pos = pepos + 112 + pe32plus*16
-nrvas = struct.unpack('<I', b[pos:pos+4])[0]
+nrvas = struct.unpack('<I', filehdr[pos:pos+4])[0]
 print "#rvas", nrvas

 pos += 4
 tpos = pos
 rvas = []
 for i in range(0, nrvas):
-    (p1,p2) = struct.unpack('<II', b[pos:pos+8])
+    (p1,p2) = struct.unpack('<II', filehdr[pos:pos+8])
    rvas.append((p1,p2))
    pos += 8

 sections = []
 for i in range(0, nsections):
-    (vsize,vaddr,rsize,raddr) = struct.unpack('<IIII', b[pos+8:pos+24])
+    (vsize,vaddr,rsize,raddr) = struct.unpack('<IIII', filehdr[pos+8:pos+24])
    pos += 40
    sections.append((vsize,vaddr,rsize,raddr))

@ -95,15 +95,15 @@ while i < len(blob):
    ph.append((offset,data.encode("hex")))
    i += hashlen

-# Calculating first page hash is not working, the normal authenticode
-# hash is calculated like below, but that's not how it should be done...
 if sha1:
    md = hashlib.sha1()
 else:
    md = hashlib.sha256()
-md.update(blob[0:pepos+84])
-md.update(blob[pepos:88:tpos+3*8])
-md.update(blob[tpos+4*8:1024])
+b = filehdr[0:pepos+84]
+b += filehdr[pepos+88:tpos+4*8]
+b += filehdr[tpos+5*8:1024]
+b += '\0'*(4096-1024)
+md.update(b)
 digest = md.hexdigest()

 print ""
--- a/osslsigncode.c
+++ b/osslsigncode.c
@ -995,6 +995,55 @@ static void	extract_page_hash (SpcAttributeTypeAndOptionalValue *obj, unsigned c
 	SpcAttributeTypeAndOptionalValue_free(obj);
 }

+static unsigned char *calc_page_hash(char *indata, unsigned int peheader, int pe32plus, unsigned int sigpos, int phtype)
+{
+	unsigned short nsections = GET_UINT16_LE(indata + peheader + 6);
+	unsigned int pagesize = GET_UINT32_LE(indata + peheader + 56);
+	unsigned int hdrsize = GET_UINT32_LE(indata + peheader + 84);
+	const EVP_MD *md = EVP_get_digestbynid(phtype);
+	int pphlen = 4 + EVP_MD_size(md);
+	int phlen = pphlen * (2 + nsections + sigpos / pagesize);
+	unsigned char *res = malloc(phlen);
+	unsigned char *zeroes = calloc(pagesize, 1);
+	EVP_MD_CTX mdctx;
+
+	EVP_MD_CTX_init(&mdctx);
+	EVP_DigestInit(&mdctx, md);
+	EVP_DigestUpdate(&mdctx, indata, peheader + 88);
+	EVP_DigestUpdate(&mdctx, indata + peheader + 92, 60 + pe32plus*16);
+	EVP_DigestUpdate(&mdctx, indata + peheader + 160 + pe32plus*16, hdrsize - (peheader + 160 + pe32plus*16));
+	EVP_DigestUpdate(&mdctx, zeroes, pagesize - hdrsize);
+	memset(res, 0, 4);
+	EVP_DigestFinal(&mdctx, res + 4, NULL);
+
+	unsigned short sizeofopthdr = GET_UINT16_LE(indata + peheader + 20);
+	char *sections = indata + peheader + 24 + sizeofopthdr;
+	int i, pi = 1;
+	unsigned int lastpos = 0;
+	for (i=0; i<nsections; i++) {
+		unsigned int rs = GET_UINT32_LE(sections + 16);
+		unsigned int ro = GET_UINT32_LE(sections + 20);
+		unsigned int l;
+		for (l=0; l < rs; l+=pagesize, pi++) {
+			PUT_UINT32_LE(ro + l, res + pi*pphlen);
+			EVP_DigestInit(&mdctx, md);
+			if (rs - l < pagesize) {
+				EVP_DigestUpdate(&mdctx, indata + ro + l, rs - l);
+				EVP_DigestUpdate(&mdctx, zeroes, pagesize - (rs - l));
+			} else {
+				EVP_DigestUpdate(&mdctx, indata + ro + l, pagesize);
+			}
+			EVP_DigestFinal(&mdctx, res + pi*pphlen + 4, NULL);
+		}
+		lastpos = ro + rs;
+		sections += 40;
+	}
+	PUT_UINT32_LE(lastpos, res + pi*pphlen);
+	memset(res + pi*pphlen + 4, 0, EVP_MD_size(md));
+	free(zeroes);
+	return res;
+}
+
 static int verify_pe_file(char *indata, unsigned int peheader, int pe32plus,
 						  unsigned int sigpos, unsigned int siglen)
 {
@ -1076,10 +1125,14 @@ static int verify_pe_file(char *indata, unsigned int peheader, int pe32plus,
 	printf("Calculated message digest : %s%s\n\n", hexbuf, mdok?"":"    MISMATCH!!!");

 	if (phlen > 0) {
-		printf("Page hash algorithm: %s\n", OBJ_nid2sn(phtype));
+		printf("Page hash algorithm  : %s\n", OBJ_nid2sn(phtype));
 		tohex(ph, hexbuf, (phlen < 32) ? phlen : 32);
-		printf("Page hash          : %s ...\n\n", hexbuf);
+		printf("Page hash            : %s ...\n", hexbuf);
+		unsigned char *cph = calc_page_hash(indata, peheader, pe32plus, sigpos, phtype);
+		tohex(cph, hexbuf, (phlen < 32) ? phlen : 32);
+		printf("Calculated page hash : %s ...%s\n\n", hexbuf, memcmp(ph, cph, phlen) ? "    MISMATCH!!!":"");
 		free(ph);
+		free(cph);
 	}

 	int seqhdrlen = asn1_simple_hdr_len(p7->d.sign->contents->d.other->value.sequence->data,