diff --git a/src/apphost-extract/TestProject/Program.cs b/src/apphost-extract/TestProject/Program.cs
index 398757b..b0c340e 100644
--- a/src/apphost-extract/TestProject/Program.cs
+++ b/src/apphost-extract/TestProject/Program.cs
@@ -1,4 +1,8 @@
using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Security.Cryptography;
namespace TestProject
{
@@ -6,8 +10,30 @@ namespace TestProject
{
static void Main(string[] args)
{
- Console.WriteLine("Hello World!");
- Console.ReadLine();
+ // this originally was meant to test the extractor and now turned into the hash generator
+ Console.WriteLine("Generating hashes.txt...");
+ var existing = File.ReadAllLines("hashes.txt").ToList();
+ var files = Directory.GetFiles(".\\files");
+ SHA256Managed sha = new SHA256Managed();
+ foreach (var file in files)
+ {
+ try
+ {
+ var hash = BitConverter.ToString(sha.ComputeHash(File.ReadAllBytes(file))).Replace("-", "");
+ if (existing.Contains(hash))
+ {
+ Console.WriteLine(file + " is known");
+ continue;
+ }
+ File.AppendAllText("hashes.txt", hash + "\n");
+ existing.Add(hash);
+ }
+ catch
+ {
+ Console.WriteLine("exception lol");
+ }
+ }
+
}
}
diff --git a/src/apphost-extract/apphost-extract-v2/FileChecker.cs b/src/apphost-extract/apphost-extract-v2/FileChecker.cs
new file mode 100644
index 0000000..f147c97
--- /dev/null
+++ b/src/apphost-extract/apphost-extract-v2/FileChecker.cs
@@ -0,0 +1,57 @@
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Reflection;
+using System.Security.Cryptography;
+using System.Security.Cryptography.X509Certificates;
+using System.Text;
+
+namespace apphost_extract_v2
+{
+ public static class FileChecker
+ {
+ private const string HASHFILE = "apphost-hashes.txt";
+ private static SHA256Managed sha = new SHA256Managed();
+ private static string[] Hashes;
+
+ public static void Load()
+ {
+ var path = Path.Combine(Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location), HASHFILE);
+ if (File.Exists(path))
+ Hashes = File.ReadAllLines(path);
+ else
+ {
+ Log.Error("apphost-hashes.txt wasn't found, only running cert check.");
+ Console.WriteLine();
+ Hashes = new string[0];
+ }
+ }
+
+ public static bool IsKnownFile(byte[] buffer)
+ {
+ var hash = BitConverter.ToString(sha.ComputeHash(buffer)).Replace("-", "");
+ return Hashes.Contains(hash) || SignedByMS(buffer);
+ }
+
+ public static bool SignedByMS(byte[] buffer)
+ {
+ try
+ {
+ X509Certificate cert = new X509Certificate(buffer);
+ return cert.GetCertHashString() == "2485A7AFA98E178CB8F30C9838346B514AEA4769";
+ }catch { return false; }
+ }
+
+
+
+
+
+
+
+
+
+
+
+ }
+}
diff --git a/src/apphost-extract/apphost-extract-v2/HashChecker.cs b/src/apphost-extract/apphost-extract-v2/HashChecker.cs
deleted file mode 100644
index c846a8e..0000000
--- a/src/apphost-extract/apphost-extract-v2/HashChecker.cs
+++ /dev/null
@@ -1,11 +0,0 @@
-using System;
-using System.Collections.Generic;
-using System.Text;
-
-namespace apphost_extract_v2
-{
- public class HashChecker
- {
-
- }
-}
diff --git a/src/apphost-extract/apphost-extract-v2/Models/General/IApphostFile.cs b/src/apphost-extract/apphost-extract-v2/Models/General/IApphostFile.cs
index 8ea0322..21b7fe5 100644
--- a/src/apphost-extract/apphost-extract-v2/Models/General/IApphostFile.cs
+++ b/src/apphost-extract/apphost-extract-v2/Models/General/IApphostFile.cs
@@ -3,6 +3,7 @@ using System.Collections.Generic;
using System.IO;
using System.Reflection.PortableExecutable;
using System.Text;
+using System.Threading.Tasks;
namespace apphost_extract_v2.General
{
@@ -21,24 +22,33 @@ namespace apphost_extract_v2.General
public void ExtractAll(string outputDir)
{
Directory.CreateDirectory(outputDir);
- foreach (var fileEntry in Header.Manifest.FileEntries)
+
+ foreach(var fileEntry in Header.Manifest.FileEntries)
+ //Parallel.ForEach(Header.Manifest.FileEntries, fileEntry =>
{
try
{
var bytes = FileStream.ReadBuffer(fileEntry.Offset, fileEntry.Size);
var name = fileEntry.Name;
+ if (FileChecker.IsKnownFile(bytes))
+ {
+ Log.Info($"Extracting {name} --> Known file", ConsoleColor.Green);
+ }
+ else
+ {
+ Log.Info($"Extracting {name} --> Unknown file", ConsoleColor.Yellow);
+ name = name.Insert(0, "_");
+ }
+
var filePath = Path.Combine(outputDir, name);
File.WriteAllBytes(filePath, bytes);
-
- Log.Critical($"Extracted {name}");
-
}
catch (Exception ex)
{
Log.Error($"Could not extract {fileEntry.Name}: {ex.Message}");
}
-
- }
+ }//);
+ Console.WriteLine();
}
public abstract void Close();
diff --git a/src/apphost-extract/apphost-extract-v2/Program.cs b/src/apphost-extract/apphost-extract-v2/Program.cs
index 55f8b95..34f505a 100644
--- a/src/apphost-extract/apphost-extract-v2/Program.cs
+++ b/src/apphost-extract/apphost-extract-v2/Program.cs
@@ -12,7 +12,9 @@ namespace apphost_extract_v2
{
Log.Info("apphost-extract-v2 by VollRagm\n", ConsoleColor.Yellow);
- var fileInfo = GetFileInfo(args);
+ FileChecker.Load();
+
+ var fileInfo = GetFileInfo(new string[] { "net5.0.2.exe" });
var apphostAnalyzer = new Analyzer(fileInfo);
var apphost = apphostAnalyzer.Open();
@@ -26,7 +28,7 @@ namespace apphost_extract_v2
var directory = Path.Combine(fileInfo.DirectoryName, fileInfo.Name.Remove(fileInfo.Name.Length - fileInfo.Extension.Length) + "_extracted");
apphost.ExtractAll(directory);
- Log.Info("Done.");
+ Log.Info("Extraction completed successfully and unknown files have been prefixed with _ .");
Console.ReadLine();
}
@@ -40,7 +42,8 @@ namespace apphost_extract_v2
{
if (File.Exists(args[0]))
{
- return new FileInfo(args[0]);
+ var fullPath = Path.GetFullPath(args[0]);
+ return new FileInfo(fullPath);
}
else
{
diff --git a/src/apphost-extract/apphost-extract-v2/apphost-extract-v2.csproj b/src/apphost-extract/apphost-extract-v2/apphost-extract-v2.csproj
index 119f455..07720de 100644
--- a/src/apphost-extract/apphost-extract-v2/apphost-extract-v2.csproj
+++ b/src/apphost-extract/apphost-extract-v2/apphost-extract-v2.csproj
@@ -2,8 +2,13 @@
Exe
- netcoreapp3.1
+ netcoreapp3.1
apphost_extract_v2
+
+ pdbonly
+ true
+
+