|
|
|
#!/bin/bash
|
|
|
|
here=$(dirname "$0")
|
|
|
|
test -n "$here" -a -d "$here" || exit
|
|
|
|
cd $here
|
|
|
|
|
|
|
|
if ! which osslsigncode > /dev/null 2>&1; then
|
|
|
|
echo "Please install osslsigncode"
|
|
|
|
exit
|
|
|
|
fi
|
|
|
|
|
|
|
|
# exit if command fails
|
|
|
|
set -e
|
|
|
|
|
|
|
|
mkdir -p stripped >/dev/null 2>&1
|
|
|
|
|
|
|
|
cd signed
|
|
|
|
|
|
|
|
echo "Found $(ls *.exe | wc -w) files to verify."
|
|
|
|
for signed in $(ls *.exe); do
|
|
|
|
echo $signed
|
|
|
|
mine="../dist/$signed"
|
|
|
|
out="../stripped/$signed"
|
|
|
|
size=$( wc -c < $mine )
|
|
|
|
# Step 1: Remove PE signature from signed binary
|
|
|
|
osslsigncode remove-signature -in $signed -out $out
|
|
|
|
# Step 2: Remove checksum and padding from signed binary
|
|
|
|
python3 <<EOF
|
|
|
|
pe_file = "$out"
|
|
|
|
size= $size
|
|
|
|
with open(pe_file, "rb") as f:
|
|
|
|
binary = bytearray(f.read())
|
|
|
|
pe_offset = int.from_bytes(binary[0x3c:0x3c+4], byteorder="little")
|
|
|
|
checksum_offset = pe_offset + 88
|
|
|
|
for b in range(4):
|
|
|
|
binary[checksum_offset + b] = 0
|
|
|
|
l = len(binary)
|
|
|
|
n = l - size
|
|
|
|
if n > 0:
|
|
|
|
assert binary[-n:] == bytearray(n)
|
|
|
|
print("removing %d null bytes"% n)
|
|
|
|
binary = binary[:size]
|
|
|
|
with open(pe_file, "wb") as f:
|
|
|
|
f.write(binary)
|
|
|
|
EOF
|
|
|
|
chmod +x $out
|
|
|
|
if [ ! $(diff $out $mine) ]; then
|
|
|
|
echo "Success!"
|
|
|
|
gpg --sign --armor --detach $signed
|
|
|
|
else
|
|
|
|
echo "failure"
|
|
|
|
fi
|
|
|
|
done
|