- Added hash and cert check

3 years ago · 20e566d9b7
parent 7919d230c6
commit 20e566d9b7
6 changed files with 113 additions and 23 deletions
--- a/src/apphost-extract/TestProject/Program.cs
+++ b/src/apphost-extract/TestProject/Program.cs
@ -1,4 +1,8 @@
 using System;
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
 using System.Security.Cryptography;
 namespace TestProject
 {
@ -6,8 +10,30 @@ namespace TestProject
    {
        static void Main(string[] args)
        {
-            Console.WriteLine("Hello World!");
+            // this originally was meant to test the extractor and now turned into the hash generator
-            Console.ReadLine();
+            Console.WriteLine("Generating hashes.txt...");
            var existing = File.ReadAllLines("hashes.txt").ToList();
            var files = Directory.GetFiles(".\\files");
            SHA256Managed sha = new SHA256Managed();
            foreach (var file in files)
            {
                try
                {
                    var hash = BitConverter.ToString(sha.ComputeHash(File.ReadAllBytes(file))).Replace("-", "");
                    if (existing.Contains(hash))
                    {
                        Console.WriteLine(file + " is known");
                        continue;
                    }
                    File.AppendAllText("hashes.txt", hash + "\n");
                    existing.Add(hash);
                }
                catch
                {
                    Console.WriteLine("exception lol");
                }
            }
        }
    }
--- a/src/apphost-extract/apphost-extract-v2/FileChecker.cs
+++ b/src/apphost-extract/apphost-extract-v2/FileChecker.cs
@ -0,0 +1,57 @@
 using System;
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
 using System.Reflection;
 using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;
 using System.Text;
 namespace apphost_extract_v2
 {
    public static class FileChecker
    {
        private const string HASHFILE = "apphost-hashes.txt";
        private static SHA256Managed sha = new SHA256Managed();
        private static string[] Hashes;
        public static void Load()
        {
            var path = Path.Combine(Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location), HASHFILE);
            if (File.Exists(path))
                Hashes = File.ReadAllLines(path);
            else
            {
                Log.Error("apphost-hashes.txt wasn't found, only running cert check.");
                Console.WriteLine();
                Hashes = new string[0];
            }
        }
        public static bool IsKnownFile(byte[] buffer)
        {
            var hash = BitConverter.ToString(sha.ComputeHash(buffer)).Replace("-", "");
            return Hashes.Contains(hash) || SignedByMS(buffer);
        }
        public static bool SignedByMS(byte[] buffer)
        {
            try
            {
                X509Certificate cert = new X509Certificate(buffer);
                return cert.GetCertHashString() == "2485A7AFA98E178CB8F30C9838346B514AEA4769";
            }catch { return false; }
        }
    }
 }
--- a/src/apphost-extract/apphost-extract-v2/HashChecker.cs
+++ b/src/apphost-extract/apphost-extract-v2/HashChecker.cs
@ -1,11 +0,0 @@
 using System;
 using System.Collections.Generic;
 using System.Text;
 namespace apphost_extract_v2
 {
    public class HashChecker
    {
    }
 }
--- a/src/apphost-extract/apphost-extract-v2/Models/General/IApphostFile.cs
+++ b/src/apphost-extract/apphost-extract-v2/Models/General/IApphostFile.cs
@ -3,6 +3,7 @@ using System.Collections.Generic;
 using System.IO;
 using System.Reflection.PortableExecutable;
 using System.Text;
 using System.Threading.Tasks;
 namespace apphost_extract_v2.General
 {
@ -21,24 +22,33 @@ namespace apphost_extract_v2.General
        public void ExtractAll(string outputDir)
        {
            Directory.CreateDirectory(outputDir);
-            foreach (var fileEntry in Header.Manifest.FileEntries)
+          
            foreach(var fileEntry in Header.Manifest.FileEntries)
            //Parallel.ForEach(Header.Manifest.FileEntries, fileEntry =>
            {
                try
                {
                    var bytes = FileStream.ReadBuffer(fileEntry.Offset, fileEntry.Size);
                    var name = fileEntry.Name;
                    if (FileChecker.IsKnownFile(bytes))
                    {
                        Log.Info($"Extracting {name} --> Known file", ConsoleColor.Green);
                    }
                    else
                    {
                        Log.Info($"Extracting {name} --> Unknown file", ConsoleColor.Yellow);
                        name = name.Insert(0, "_");
                    }
                    var filePath = Path.Combine(outputDir, name);
                    File.WriteAllBytes(filePath, bytes);
                    Log.Critical($"Extracted {name}");
                }
                catch (Exception ex)
                {
                    Log.Error($"Could not extract {fileEntry.Name}: {ex.Message}");
                }
-
+            }//);
-            }
+            Console.WriteLine();
        }
        public abstract void Close();
--- a/src/apphost-extract/apphost-extract-v2/Program.cs
+++ b/src/apphost-extract/apphost-extract-v2/Program.cs
@ -12,7 +12,9 @@ namespace apphost_extract_v2
        {
            Log.Info("apphost-extract-v2 by VollRagm\n", ConsoleColor.Yellow);
-            var fileInfo = GetFileInfo(args);
+            FileChecker.Load();
            var fileInfo = GetFileInfo(new string[] { "net5.0.2.exe" });
            var apphostAnalyzer = new Analyzer(fileInfo);
            var apphost = apphostAnalyzer.Open();
@ -26,7 +28,7 @@ namespace apphost_extract_v2
            var directory = Path.Combine(fileInfo.DirectoryName, fileInfo.Name.Remove(fileInfo.Name.Length - fileInfo.Extension.Length) + "_extracted");
            apphost.ExtractAll(directory);
-            Log.Info("Done.");
+            Log.Info("Extraction completed successfully and unknown files have been prefixed with _ .");
            Console.ReadLine();
        }
@ -40,7 +42,8 @@ namespace apphost_extract_v2
                {
                    if (File.Exists(args[0]))
                    {
-                        return new FileInfo(args[0]);
+                        var fullPath = Path.GetFullPath(args[0]);
                        return new FileInfo(fullPath);
                    }
                    else
                    {
--- a/src/apphost-extract/apphost-extract-v2/apphost-extract-v2.csproj
+++ b/src/apphost-extract/apphost-extract-v2/apphost-extract-v2.csproj
@ -2,8 +2,13 @@
  <PropertyGroup>
    <OutputType>Exe</OutputType>
-    <TargetFramework>netcoreapp3.1</TargetFramework>
+    <TargetFrameworks>netcoreapp3.1</TargetFrameworks>
    <RootNamespace>apphost_extract_v2</RootNamespace>
  </PropertyGroup>
  <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Debug|netcoreapp3.1|AnyCPU'">
    <DebugType>pdbonly</DebugType>
    <DebugSymbols>true</DebugSymbols>
  </PropertyGroup>
 </Project>