- Added hash and cert check

master
VollRagm 4 years ago
parent 7919d230c6
commit 20e566d9b7

@ -1,4 +1,8 @@
using System; using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
namespace TestProject namespace TestProject
{ {
@ -6,8 +10,30 @@ namespace TestProject
{ {
static void Main(string[] args) static void Main(string[] args)
{ {
Console.WriteLine("Hello World!"); // this originally was meant to test the extractor and now turned into the hash generator
Console.ReadLine(); Console.WriteLine("Generating hashes.txt...");
var existing = File.ReadAllLines("hashes.txt").ToList();
var files = Directory.GetFiles(".\\files");
SHA256Managed sha = new SHA256Managed();
foreach (var file in files)
{
try
{
var hash = BitConverter.ToString(sha.ComputeHash(File.ReadAllBytes(file))).Replace("-", "");
if (existing.Contains(hash))
{
Console.WriteLine(file + " is known");
continue;
}
File.AppendAllText("hashes.txt", hash + "\n");
existing.Add(hash);
}
catch
{
Console.WriteLine("exception lol");
}
}
} }
} }
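Review bot: The bare `catch` inside the `foreach` in Main prints only "exception lol", so a file that could not be read or hashed is left out of hashes.txt with no record of which file it was or why. Since this output looks like the source of the known-file list used by the extractor (an inference from the names, not shown here), a silent omission means a legitimate file is later flagged as unknown. I would change it to `catch (Exception ex) { Console.WriteLine($"Could not hash {file}: {ex.Message}"); }`. Separately, `File.ReadAllLines("hashes.txt")` sits outside the try and throws on a first run when the file does not exist yet, and the `SHA256Managed` instance is never disposed; wrapping it in a `using` block covers that.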

@ -0,0 +1,57 @@
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Reflection;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
namespace apphost_extract_v2
{
public static class FileChecker
{
private const string HASHFILE = "apphost-hashes.txt";
private static SHA256Managed sha = new SHA256Managed();
private static string[] Hashes;
public static void Load()
{
var path = Path.Combine(Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location), HASHFILE);
if (File.Exists(path))
Hashes = File.ReadAllLines(path);
else
{
Log.Error("apphost-hashes.txt wasn't found, only running cert check.");
Console.WriteLine();
Hashes = new string[0];
}
}
public static bool IsKnownFile(byte[] buffer)
{
var hash = BitConverter.ToString(sha.ComputeHash(buffer)).Replace("-", "");
return Hashes.Contains(hash) || SignedByMS(buffer);
}
public static bool SignedByMS(byte[] buffer)
{
try
{
X509Certificate cert = new X509Certificate(buffer);
return cert.GetCertHashString() == "2485A7AFA98E178CB8F30C9838346B514AEA4769";
}catch { return false; }
}
}
}
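Review bot: `SignedByMS` accepts a buffer as Microsoft-signed as soon as `new X509Certificate(buffer)` yields a certificate whose thumbprint equals the pinned value; nothing here verifies that the signature is valid for the buffer's contents or that the chain is trusted. As far as I can tell that constructor only extracts the embedded signer certificate, so a file altered after signing would likely still be reported as "Known file" through `IsKnownFile`. I would verify the signature before trusting the thumbprint (for example with WinVerifyTrust on Windows), or at least state the limit next to the check: `// Thumbprint match only: the signature over the file is NOT verified; treat as a hint, not proof of origin.` The bare `catch { return false; }` also hides whether the file is unsigned or the platform simply cannot parse an embedded signature from raw bytes. The shared static `sha` instance is not thread-safe, which matters if the commented-out `Parallel.ForEach` in ExtractAll is ever enabled.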

@ -1,11 +0,0 @@
using System;
using System.Collections.Generic;
using System.Text;
namespace apphost_extract_v2
{
public class HashChecker
{
}
}

@ -3,6 +3,7 @@ using System.Collections.Generic;
using System.IO; using System.IO;
using System.Reflection.PortableExecutable; using System.Reflection.PortableExecutable;
using System.Text; using System.Text;
using System.Threading.Tasks;
namespace apphost_extract_v2.General namespace apphost_extract_v2.General
{ {
@ -21,24 +22,33 @@ namespace apphost_extract_v2.General
public void ExtractAll(string outputDir) public void ExtractAll(string outputDir)
{ {
Directory.CreateDirectory(outputDir); Directory.CreateDirectory(outputDir);
foreach(var fileEntry in Header.Manifest.FileEntries) foreach(var fileEntry in Header.Manifest.FileEntries)
//Parallel.ForEach(Header.Manifest.FileEntries, fileEntry =>
{ {
try try
{ {
var bytes = FileStream.ReadBuffer(fileEntry.Offset, fileEntry.Size); var bytes = FileStream.ReadBuffer(fileEntry.Offset, fileEntry.Size);
var name = fileEntry.Name; var name = fileEntry.Name;
if (FileChecker.IsKnownFile(bytes))
{
Log.Info($"Extracting {name} --> Known file", ConsoleColor.Green);
}
else
{
Log.Info($"Extracting {name} --> Unknown file", ConsoleColor.Yellow);
name = name.Insert(0, "_");
}
var filePath = Path.Combine(outputDir, name); var filePath = Path.Combine(outputDir, name);
File.WriteAllBytes(filePath, bytes); File.WriteAllBytes(filePath, bytes);
Log.Critical($"Extracted {name}");
} }
catch (Exception ex) catch (Exception ex)
{ {
Log.Error($"Could not extract {fileEntry.Name}: {ex.Message}"); Log.Error($"Could not extract {fileEntry.Name}: {ex.Message}");
} }
}//);
} Console.WriteLine();
} }
public abstract void Close(); public abstract void Close();
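Review bot: `name` comes from the bundle manifest and goes straight into `Path.Combine(outputDir, name)`, so a rooted entry name or one containing `..` segments would make `File.WriteAllBytes` write outside `outputDir`; the commit touches this path but adds no containment check. I would resolve the target with `var filePath = Path.GetFullPath(Path.Combine(outputDir, name));` and reject anything that escapes with `if (!filePath.StartsWith(Path.GetFullPath(outputDir) + Path.DirectorySeparatorChar, StringComparison.Ordinal)) throw new IOException($"Entry escapes output directory: {name}");`. If entry names can carry a relative path, `name.Insert(0, "_")` puts the underscore on the first directory segment rather than on the file, and that directory is not created before the write; prefixing `Path.GetFileName(name)` instead would mark the file itself. `Log.Critical($"Extracted {name}")` also looks like the wrong level for a success message.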

@ -12,7 +12,9 @@ namespace apphost_extract_v2
{ {
Log.Info("apphost-extract-v2 by VollRagm\n", ConsoleColor.Yellow); Log.Info("apphost-extract-v2 by VollRagm\n", ConsoleColor.Yellow);
var fileInfo = GetFileInfo(args); FileChecker.Load();
var fileInfo = GetFileInfo(new string[] { "net5.0.2.exe" });
var apphostAnalyzer = new Analyzer(fileInfo); var apphostAnalyzer = new Analyzer(fileInfo);
var apphost = apphostAnalyzer.Open(); var apphost = apphostAnalyzer.Open();
@ -26,7 +28,7 @@ namespace apphost_extract_v2
var directory = Path.Combine(fileInfo.DirectoryName, fileInfo.Name.Remove(fileInfo.Name.Length - fileInfo.Extension.Length) + "_extracted"); var directory = Path.Combine(fileInfo.DirectoryName, fileInfo.Name.Remove(fileInfo.Name.Length - fileInfo.Extension.Length) + "_extracted");
apphost.ExtractAll(directory); apphost.ExtractAll(directory);
Log.Info("Done."); Log.Info("Extraction completed successfully and unknown files have been prefixed with _ .");
Console.ReadLine(); Console.ReadLine();
} }
@ -40,7 +42,8 @@ namespace apphost_extract_v2
{ {
if (File.Exists(args[0])) if (File.Exists(args[0]))
{ {
return new FileInfo(args[0]); var fullPath = Path.GetFullPath(args[0]);
return new FileInfo(fullPath);
} }
else else
{ {
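Review bot: `GetFileInfo(new string[] { "net5.0.2.exe" })` replaces `GetFileInfo(args)` with a hard-coded file name, which looks like a debugging leftover: the tool now ignores its command-line argument and only works when that file is in the working directory. Restore `var fileInfo = GetFileInfo(args);`. The new completion message says "completed successfully" although `ExtractAll` catches and logs per-entry failures, so it can be printed after entries failed to extract; a neutral wording or a failure count would avoid that. Main's body continues outside these hunks.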

@ -2,8 +2,13 @@
<PropertyGroup> <PropertyGroup>
<OutputType>Exe</OutputType> <OutputType>Exe</OutputType>
<TargetFramework>netcoreapp3.1</TargetFramework> <TargetFrameworks>netcoreapp3.1</TargetFrameworks>
<RootNamespace>apphost_extract_v2</RootNamespace> <RootNamespace>apphost_extract_v2</RootNamespace>
</PropertyGroup> </PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Debug|netcoreapp3.1|AnyCPU'">
<DebugType>pdbonly</DebugType>
<DebugSymbols>true</DebugSymbols>
</PropertyGroup>
</Project> </Project>
