- Added hash and cert check

master
VollRagm 4 years ago
parent 7919d230c6
commit 20e566d9b7

@ -1,4 +1,8 @@
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
namespace TestProject
{
@ -6,8 +10,30 @@ namespace TestProject
{
static void Main(string[] args)
{
Console.WriteLine("Hello World!");
Console.ReadLine();
// this originally was meant to test the extractor and now turned into the hash generator
Console.WriteLine("Generating hashes.txt...");
var existing = File.ReadAllLines("hashes.txt").ToList();
var files = Directory.GetFiles(".\\files");
SHA256Managed sha = new SHA256Managed();
foreach (var file in files)
{
try
{
var hash = BitConverter.ToString(sha.ComputeHash(File.ReadAllBytes(file))).Replace("-", "");
if (existing.Contains(hash))
{
Console.WriteLine(file + " is known");
continue;
}
File.AppendAllText("hashes.txt", hash + "\n");
existing.Add(hash);
}
catch
{
Console.WriteLine("exception lol");
}
}
}
}

@ -0,0 +1,57 @@
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Reflection;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
namespace apphost_extract_v2
{
public static class FileChecker
{
private const string HASHFILE = "apphost-hashes.txt";
private static SHA256Managed sha = new SHA256Managed();
private static string[] Hashes;
public static void Load()
{
var path = Path.Combine(Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location), HASHFILE);
if (File.Exists(path))
Hashes = File.ReadAllLines(path);
else
{
Log.Error("apphost-hashes.txt wasn't found, only running cert check.");
Console.WriteLine();
Hashes = new string[0];
}
}
public static bool IsKnownFile(byte[] buffer)
{
var hash = BitConverter.ToString(sha.ComputeHash(buffer)).Replace("-", "");
return Hashes.Contains(hash) || SignedByMS(buffer);
}
public static bool SignedByMS(byte[] buffer)
{
try
{
X509Certificate cert = new X509Certificate(buffer);
return cert.GetCertHashString() == "2485A7AFA98E178CB8F30C9838346B514AEA4769";
}catch { return false; }
}
}
}

@ -1,11 +0,0 @@
using System;
using System.Collections.Generic;
using System.Text;
namespace apphost_extract_v2
{
public class HashChecker
{
}
}

@ -3,6 +3,7 @@ using System.Collections.Generic;
using System.IO;
using System.Reflection.PortableExecutable;
using System.Text;
using System.Threading.Tasks;
namespace apphost_extract_v2.General
{
@ -21,24 +22,33 @@ namespace apphost_extract_v2.General
public void ExtractAll(string outputDir)
{
Directory.CreateDirectory(outputDir);
foreach (var fileEntry in Header.Manifest.FileEntries)
foreach(var fileEntry in Header.Manifest.FileEntries)
//Parallel.ForEach(Header.Manifest.FileEntries, fileEntry =>
{
try
{
var bytes = FileStream.ReadBuffer(fileEntry.Offset, fileEntry.Size);
var name = fileEntry.Name;
if (FileChecker.IsKnownFile(bytes))
{
Log.Info($"Extracting {name} --> Known file", ConsoleColor.Green);
}
else
{
Log.Info($"Extracting {name} --> Unknown file", ConsoleColor.Yellow);
name = name.Insert(0, "_");
}
var filePath = Path.Combine(outputDir, name);
File.WriteAllBytes(filePath, bytes);
Log.Critical($"Extracted {name}");
}
catch (Exception ex)
{
Log.Error($"Could not extract {fileEntry.Name}: {ex.Message}");
}
}
}//);
Console.WriteLine();
}
public abstract void Close();

@ -12,7 +12,9 @@ namespace apphost_extract_v2
{
Log.Info("apphost-extract-v2 by VollRagm\n", ConsoleColor.Yellow);
var fileInfo = GetFileInfo(args);
FileChecker.Load();
var fileInfo = GetFileInfo(new string[] { "net5.0.2.exe" });
var apphostAnalyzer = new Analyzer(fileInfo);
var apphost = apphostAnalyzer.Open();
@ -26,7 +28,7 @@ namespace apphost_extract_v2
var directory = Path.Combine(fileInfo.DirectoryName, fileInfo.Name.Remove(fileInfo.Name.Length - fileInfo.Extension.Length) + "_extracted");
apphost.ExtractAll(directory);
Log.Info("Done.");
Log.Info("Extraction completed successfully and unknown files have been prefixed with _ .");
Console.ReadLine();
}
@ -40,7 +42,8 @@ namespace apphost_extract_v2
{
if (File.Exists(args[0]))
{
return new FileInfo(args[0]);
var fullPath = Path.GetFullPath(args[0]);
return new FileInfo(fullPath);
}
else
{

@ -2,8 +2,13 @@
<PropertyGroup>
<OutputType>Exe</OutputType>
<TargetFramework>netcoreapp3.1</TargetFramework>
<TargetFrameworks>netcoreapp3.1</TargetFrameworks>
<RootNamespace>apphost_extract_v2</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Debug|netcoreapp3.1|AnyCPU'">
<DebugType>pdbonly</DebugType>
<DebugSymbols>true</DebugSymbols>
</PropertyGroup>
</Project>

Loading…
Cancel
Save