PMA 412: Signing with Authenticode (15 pts)

What You Need for This Project

Purpose

To practice signing an EXE with a code-signing certificate.

Properly signed code identifies the author and has a signature that validates correctly, as shown below.

Install JDK on Windows

We're using JSign, a Java tool, so you must first install the Java Development Kit.

In a Web browser, go to

https://www.oracle.com/java/technologies/javase-jdk15-downloads.html

Download the Windows x64 Installer, as shown below.

Run the installer and install the software with the default options.

Finding the Java Path

In Windows Explorer, find the Java "bin" directory. The path depends on the version of Java you have installed.

On my system, the path was

C:\Program Files\Java\jdk-15.0.2\bin

as shown below.

Adjusting the PATH Environment Variable

Open Control Panel. Click "System and Security". Click System.

In the System window, on the left side, click "Advanced system settings".

In System Properties, on the Advanced tab, click the "Environment Variables..." button.

In the "Environment Variables" box, at the top, double-click Path.

In the "Edit environment variable" box, on the right side, click the New button.

Enter the path to the Java "bin" folder on the new line, as shown below.

Click OK.

Click OK.

Testing the PATH

Close any open Command Prompt windows and open a new Command Prompt window.

Then execute these commands:

java -version
keytool

Both commands should run without errors, as shown below.

Download JSign

On Windows, in Firefox, go to

https://github.com/ebourg/jsign/releases/tag/3.1

Download jsign-3.1.jar and save it in your Downloads folder.

Download an EXE to Sign

On Windows, in Firefox, go to

smiley.exe

Save smiley.exe in your Downloads folder.

Making a Code Signing Certificate

Real code-signing certificates cost hundreds of dollars, so for this project, we'll use a free self-signed certificate.

In the Command Prompt window, execute these commands:

cd
cd Downloads
keytool -genkey -v -keystore self-signed.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 365

A prompt asks for a "keystore password". Enter "password" twice.

Then a series of questions asks for your name, etc. You can press Enter for each question except the last one, which you must answer yes to, as shown below.

Finding the Alias Name

To see the alias name inside the certificate, execute the following command:

keytool -list -v -keystore self-signed.keystore | more

When it asks for a password, enter "password".

The alias is alias_name, as shown below.

Signing the EXE

In the Command Prompt window, execute these commands. Notice that the last two lines are parts of the same command, connected by the "^" continuation character.

copy smiley.exe smiley_selfsigned.exe

java -jar jsign-3.1.jar --keystore self-signed.keystore --alias alias_name ^
--storepass password --tsaurl http://ts.ssl.com --tsmode RFC3161 smiley_selfsigned.exe

dir

The file is signed, and becomes several kilobytes larger than the unsigned version, as shown below.

Flag M 412.1: Error (10 pts)

In Windows Explorer, open your Downloads folder. Right-click smiley_selfsigned.exe and click Properties.

On the "Digital Signatures" tab, click the Unknown name.

Click the Details button.

The flag is the word covered by a green rectangle in the image below.

Modifying the EXE

If the file is altered, the signature becomes invalid.

If you don't have it already, download and install HxD from:

https://mh-nexus.de/en/hxd/

In the Command Prompt window, execute this command.

copy smiley_selfsigned.exe smiley_altered.exe

Launch HxD and open smiley_altered.exe.

Change the word DOS to DAS, as shown below, and then save the file.
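
Why signing makes the file larger without breaking its own signature, while the DOS-to-DAS edit does break it: the Authenticode file digest skips the CheckSum field, the Certificate Table directory entry, and the appended signature blob, and covers everything else. The Python below is an added example, not part of the original project and not JSign's code. It is simplified: it assumes SHA-256, assumes the signature blob is the last thing in the file, works on a constructed minimal PE32 image rather than smiley.exe, and uses a hypothetical attach_blob() helper with a 2 KB placeholder in place of a real signature.

```python
import hashlib
import struct

def pe_offsets(pe: bytes):
    """Locate the fields Authenticode leaves out of the file digest."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    pe_off = struct.unpack_from("<I", pe, 0x3C)[0]        # e_lfanew
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe_off + 24                                     # after signature + COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    dirs = opt + {0x10B: 96, 0x20B: 112}[magic]           # PE32 / PE32+
    certdir = dirs + 4 * 8                                # data directory 4: Certificate Table
    cert_off, cert_size = struct.unpack_from("<II", pe, certdir)
    return opt + 64, certdir, cert_off, cert_size         # CheckSum is at opt + 64

def authenticode_digest(pe: bytes) -> str:
    """SHA-256 over the file minus CheckSum, the Certificate Table entry and the blob."""
    cksum, certdir, cert_off, cert_size = pe_offsets(pe)
    end = cert_off if cert_size else len(pe)              # assumes the blob is last in the file
    kept = pe[:cksum] + pe[cksum + 4:certdir] + pe[certdir + 8:end]
    return hashlib.sha256(kept).hexdigest()

def build_sample_pe() -> bytes:
    """Constructed minimal PE32 image (headers plus filler), not a runnable program."""
    dos = bytearray(0x80)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)
    stub = b"This program cannot be run in DOS mode."
    dos[0x40:0x40 + len(stub)] = stub
    opt = bytearray(96 + 16 * 8)                          # PE32 optional header, 16 directories
    struct.pack_into("<H", opt, 0, 0x10B)
    return bytes(dos) + b"PE\0\0" + bytes(20) + bytes(opt) + b"\x90" * 64

def attach_blob(pe: bytes, blob: bytes) -> bytes:
    """Hypothetical stand-in for a signer: append a blob and record it in the header."""
    cksum, certdir, _, _ = pe_offsets(pe)
    out = bytearray(pe + blob)
    struct.pack_into("<II", out, certdir, len(pe), len(blob))
    struct.pack_into("<I", out, cksum, 0x12345678)        # constructed checksum value
    return bytes(out)

if __name__ == "__main__":
    unsigned = build_sample_pe()
    signed = attach_blob(unsigned, bytes(2048))           # constructed 2 KB placeholder blob
    altered = signed.replace(b"DOS", b"DAS", 1)           # the HxD edit from this project
    for name, data in (("unsigned", unsigned), ("signed", signed), ("altered", altered)):
        print(f"{name:9}{len(data):6} bytes  {authenticode_digest(data)[:16]}")
```

The unsigned and signed images print the same digest even though the signed one is 2048 bytes longer; the altered image prints a different one, so a signature computed over the original digest no longer matches.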

Flag M 412.2: Status (5 pts)

In Windows Explorer, open your Downloads folder. Right-click smiley_altered.exe and click Properties.

On the "Digital Signatures" tab, click the Unknown name.

Click the Details button.

The flag is the word covered by a green rectangle in the image below.

Posted 2-21-21 by Sam Bowne