Add script to strip signature from signed binary

3.2.x
root 7 years ago
committed by ThomasV
parent
commit
240dc888ec
  1. 18
      contrib/build-wine/README.md
  2. 45
      contrib/build-wine/unsign.sh

18
contrib/build-wine/README.md

@ -61,3 +61,21 @@ certificate/key) and one or multiple trusted verifiers:
`sign.sh` will check if the signatures match the signer's files. This ensures that the signer's
build environment is not compromised and that the binaries can be reproduced by anyone.
Verify Integrity of signed binary
=================================
Every user can verify that the official binary was created from the source code in this
repository. To do so, the Authenticode signature needs to be stripped since the signature
is not reproducible.
This procedure removes the differences between the signed and unsigned binary:
1. Remove the signature from the signed binary using osslsigncode or signtool.
2. Set the COFF image checksum for the signed binary to 0x0. This is necessary
because pyinstaller doesn't generate a checksum.
3. Append null bytes to the _unsigned_ binary until the byte count is a multiple
of 8.
The script `unsign.sh` performs these steps.
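Review bot: The new section never says how to run `unsign.sh` or what it leaves behind. After "The script `unsign.sh` performs these steps." add the argument order (signed binary first, unsigned binary second), that the stripped copy is written to `<signed>-stripped.exe`, and that the unsigned file is padded in place. Step 1 also offers "osslsigncode or signtool" while the script only calls osslsigncode, and step 3 gives no reason for the 8-byte padding the way step 2 does for the checksum; a sentence on each would help a verifier who ends up with a mismatch.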

45
contrib/build-wine/unsign.sh

@ -0,0 +1,45 @@
#!/bin/bash
here=$(dirname "$0")
test -n "$here" -a -d "$here" || exit
cd $here
if ! which osslsigncode > /dev/null 2>&1; then
echo "Please install osslsigncode"
fi
if [ $# -neq 2 ]; then
echo "Usage: $0 signed_binary unsigned_binary"
fi
out="$1-stripped.exe"
set -ex
echo "Step 1: Remove PE signature from signed binary"
osslsigncode remove-signature -in $1 -out $out
echo "Step 2: Remove checksum from signed binary"
python3 <<EOF
pe_file = "$out"
with open(pe_file, "rb") as f:
binary = bytearray(f.read())
pe_offset = int.from_bytes(binary[0x3c:0x3c+4], byteorder="little")
checksum_offset = pe_offset + 88
for b in range(4):
binary[checksum_offset + b] = 0
with open(pe_file, "wb") as f:
f.write(binary)
EOF
bytes=$( wc -c < $2 )
bytes=$((8 - ($bytes%8)))
bytes=$(($bytes % 8))
echo "Step 3: Appending $bytes null bytes to unsigned binary"
truncate -s +$bytes $2
diff $out $2 && echo "Success!"
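Review bot: Neither guard at the top of the script stops execution, and the argument check cannot work as written: `[ $# -neq 2 ]` uses `-neq`, which is not a test operator (it should be `-ne`), and both `if` blocks only echo a message without an `exit 1`, so a run with missing arguments or without osslsigncode installed falls through to step 1. Please fix the operator and exit non-zero in both branches. `$here`, `$1`, `$out` and `$2` are unquoted, so a path containing spaces breaks `cd`, `osslsigncode`, `wc`, `truncate` and `diff`. `truncate -s +$bytes $2` modifies the caller's unsigned binary in place; padding a copy would leave the reference build untouched. A short comment on `pe_offset + 88` (4-byte PE signature, 20-byte COFF header, CheckSum at offset 64 of the optional header) would make the constant checkable by a reader.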