How to extract the signature data from a Windows "exe" file under Linux using the cli

If you go to the VirusTotal link, there is a tab called File info (I think; mine is in Dutch). You will see a heading named

"Authenticode signature block and FileVersionInfo properties"

I want to extract the data under that heading using the Linux cli. Example:

Signature verification Signed file, verified signature
Signing date 7:43 AM 11/4/2014
Signers
[+] Microsoft Windows
[+] Microsoft Windows Production PCA 2011
[+] Microsoft Root Certificate Authority 2010
Counter signers
[+] Microsoft Time-Stamp Service
[+] Microsoft Time-Stamp PCA 2010
[+] Microsoft Root Certificate Authority 2010

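The Camera.exe from Windows 10 was used to extract the data somehow.

I unpacked the .exe file and found a CERTIFICATE file inside it, with a lot of unreadable data, but also some text that I could read, which is - roughly - the same as the output above.

How can I extract the signature from a Windows .exe file under Linux using the cli?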

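Answer 1

There is a tool for Linux called osslsigncode which can process Windows Authenticode signatures. Verifying a binary's signature produces output similar to that shown in your example; on the vcredist_x86.exe I have to hand I get: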

$ osslsigncode verify vcredist_x86.exe
Current PE checksum   : 004136A1
Calculated PE checksum: 004136A1

Message digest algorithm  : SHA1
Current message digest    : 0A9F10FB285BA0064B5537023F8BC9E06E173801
Calculated message digest : 0A9F10FB285BA0064B5537023F8BC9E06E173801

Signature verification: ok

Number of signers: 1
        Signer #0:
                Subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Corporation
                Issuer : /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Code Signing PCA

Number of certificates: 7
        Cert #0:
                Subject: /OU=Copyright (c) 1997 Microsoft Corp./OU=Microsoft Corporation/CN=Microsoft Root Authority
                Issuer : /OU=Copyright (c) 1997 Microsoft Corp./OU=Microsoft Corporation/CN=Microsoft Root Authority
        Cert #1:
                Subject: /OU=Copyright (c) 1997 Microsoft Corp./OU=Microsoft Corporation/CN=Microsoft Root Authority
                Issuer : /OU=Copyright (c) 1997 Microsoft Corp./OU=Microsoft Corporation/CN=Microsoft Root Authority
        Cert #2:
                Subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Code Signing PCA
                Issuer : /OU=Copyright (c) 1997 Microsoft Corp./OU=Microsoft Corporation/CN=Microsoft Root Authority
        Cert #3:
                Subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Corporation
                Issuer : /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Code Signing PCA
        Cert #4:
                Subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=nCipher DSE ESN:D8A9-CFCC-579C/CN=Microsoft Timestamping Service
                Issuer : /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Timestamping PCA
        Cert #5:
                Subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=nCipher DSE ESN:10D8-5847-CBF8/CN=Microsoft Timestamping Service
                Issuer : /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Timestamping PCA
        Cert #6:
                Subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Timestamping PCA
                Issuer : /OU=Copyright (c) 1997 Microsoft Corp./OU=Microsoft Corporation/CN=Microsoft Root Authority

Succeeded

You can also extract the signature:

osslsigncode extract-signature vcredist_x86.exe vcredist_x86.sig
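
Where that signature data sits inside the file, as an added example that is not part of either answer or of osslsigncode: the PE Certificate Table data directory points at WIN_CERTIFICATE entries whose payload is the DER-encoded PKCS#7 blob (the unreadable CERTIFICATE data mentioned in the question). The function names and the `sample_pe` input are constructed for illustration.

```python
import struct

CERT_DIR = 4            # data directory index of the Certificate Table
PKCS_SIGNED_DATA = 2    # wCertificateType WIN_CERT_TYPE_PKCS_SIGNED_DATA

def authenticode_blobs(pe: bytes) -> list:
    """Return the DER PKCS#7 blobs stored in a PE file's certificate table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (nt,) = struct.unpack_from("<I", pe, 0x3C)          # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = nt + 24                    # skip signature (4) + COFF header (20)
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)
    (count,) = struct.unpack_from("<I", pe, dirs - 4)   # NumberOfRvaAndSizes
    if count <= CERT_DIR:
        return []
    # For this one directory the first field is a file offset, not an RVA.
    off, size = struct.unpack_from("<II", pe, dirs + 8 * CERT_DIR)
    if size == 0:
        return []                    # unsigned file
    end = off + size
    if end > len(pe):
        raise ValueError("certificate table runs past end of file")
    blobs, pos = [], off
    while pos + 8 <= end:            # walk the WIN_CERTIFICATE entries
        length, _revision, ctype = struct.unpack_from("<IHH", pe, pos)
        if length < 8 or pos + length > end:
            raise ValueError("corrupt WIN_CERTIFICATE entry")
        if ctype == PKCS_SIGNED_DATA:
            blobs.append(pe[pos + 8:pos + length])
        pos += (length + 7) & ~7     # entries are 8-byte aligned
    return blobs

def sample_pe(payload: bytes) -> bytes:
    """Constructed minimal PE32 headers plus one certificate entry (not a real binary)."""
    opt = struct.pack("<H", 0x10B) + bytes(90) + struct.pack("<I", 16) + bytes(128)
    head = bytearray(b"MZ" + bytes(58) + struct.pack("<I", 64) + b"PE\0\0" + bytes(20) + opt)
    entry = struct.pack("<IHH", 8 + len(payload), 0x0200, PKCS_SIGNED_DATA) + payload
    entry += bytes(-len(entry) % 8)  # pad to the 8-byte boundary
    struct.pack_into("<II", head, 64 + 24 + 96 + 8 * CERT_DIR, len(head), len(entry))
    return bytes(head) + entry

if __name__ == "__main__":
    for blob in authenticode_blobs(sample_pe(b"constructed PKCS#7 placeholder")):
        print(len(blob), "bytes of signature data")
```

This only locates the data; it does not verify the signature. Written to a file, a blob taken from a real signed binary can be listed with `openssl pkcs7 -inform DER -print_certs -noout -in <file>`.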

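Answer 2

You can also take a look at https://github.com/msdhedhi/VerifyWinFileDigitalSignature

This is Java code I wrote a while back that extracts and verifies the digital signature of Windows PE files (32-bit and 64-bit).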