View digital signature of executable - certificate

Is there a way to view, verify or extract the digital signature information of an executable in WinDbg?
So far I found out that the executable has a security directory:
0:048> !dh customerapp
...
0 [ 0] address [size] of Export Directory
43DC [ 64] address [size] of Import Directory
7000 [ 47C38] address [size] of Resource Directory
6000 [ 1A4] address [size] of Exception Directory
4C600 [ 1ED8] address [size] of Security Directory
...
Looking at the memory does not help:
0:048> db customerapp+4C600
00000000`0044c600 ff ff ff 00 ff ff ff 00-ff ff ff 00 ff ff ff 00 ................
00000000`0044c610 ff ff ff 00 ff ff ff 00-ff ff ff 00 ff ff ff 00 ................
00000000`0044c620 ff ff ff 00 ff ff ff 00-ff ff ff 00 ff ff ff 00 ................
00000000`0044c630 ff ff ff 00 ff ff ff 00-ff ff ff 00 ff ff ff 00 ................
...
I expected to see at least some strings like DigiCert or similar.

Related

How to catch data from SIM

I use a CardReader to communicate to a SIM-card.
For example, I need to get an IMSI from the SIM card.
To do this I send some commands (SELECT 3F00/7F20/6F07):
A0 A4 00 00 02 3F 00
A0 A4 00 00 02 7F 20
A0 A4 00 00 02 6F 07
and here I send READ BINARY command
A0 B0 00 00 09
and after that I receive 90 00 --> Ok - normal ending of the command.
Hey! And where is my IMSI stored?? How can I catch data, which were read by "A0 B0 00 00 09" command?
If I try "A0 C0 00 00 00" command (GET RESPONSE) I will get an Error.

You don't need to send Get Response Command "A0 C0 00 00 00" after Read Data.
There are 9 bytes of data in reply to your Read Data Command "A0 B0 00 00 09".

What are the three 255's before the image in a monochrome .bmp?

I'm trying to figure out bitmap formatting for a project I'm working on, but there's one thing I don't really get. In this .bmp:
00000000 42 4d aa 00 00 00 00 00 00 00 82 00 00 00 6c 00 |BM............l.|
00000010 00 00 0a 00 00 00 0a 00 00 00 01 00 01 00 00 00 |................|
00000020 00 00 28 00 00 00 13 0b 00 00 13 0b 00 00 02 00 |..(.............|
00000030 00 00 02 00 00 00 42 47 52 73 00 00 00 00 00 00 |......BGRs......|
00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000060 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 |................|
00000070 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 00 00 |................|
00000080 00 00 ff c0 00 00 ff c0 00 00 ff c0 00 00 ff c0 |................|
*
000000a0 00 00 ff c0 00 00 aa 80 00 00 |..........|
000000aa
what are the three 256's at offset 122 (line 7). I assume they're some sort of color indicators, but I'm not sure.
This is the image I'm using.

The top part of your hex dump is a "BITMAPINFO structure" (https://msdn.microsoft.com/en-us/library/dd183375(v=vs.85).aspx). This is immediately followed by a color index array bmiColors (although its length may be 0, and you should check this in the BITMAPINFO data).
Although some say that
[t]hough seemingly a simple format, it is complicated by its many different versions, lack of an official specification, lack of any version control process, and ambiguities and contradictions in the documentation.
(http://fileformats.archiveteam.org/wiki/BMP)
you don't actually need to understand each single byte. The various structures either have a fixed size (the initial BITMAPFILEHEADER for example), or have their length as its first value.
A line by line annotation of most well-documented parts:
-------- BITMAPFILEHEADER
00000000 42 4d file type identifier
00000002 aa 00 00 00 size in bytes of the entire file
00000006 00 00 (reserved and must be 0)
00000008 00 00 (reserved and must be 0)
0000000A 82 00 00 00 offset from the beginning of the BITMAPFILEHEADER structure to the bitmap bits
-------- BITMAPINFOHEADER
0000000E 6c 00 00 00 BITMAPINFOHEADER structure size
00000012 0a 00 00 00 image width in pixels
00000016 0a 00 00 00 image height in pixels
0000001A 01 00 number of planes
0000001C 01 00 number of bits per pixel
0000001E 00 00 00 00 compression
00000022 28 00 00 00 size in bytes of image data
00000026 13 0b 00 00 horizontal resolution in pixels-per-meter
0000002A 13 0b 00 00 vertical resolution in pixels-per-meter
0000002E 02 00 00 00 number of colors in the color table that are actually used by the bitmap
00000032 02 00 00 00 number of color indexes that are required ("important")
........ badly documented stuff ........
00000036 42 47 52 73 00 00 00 00 00 00
00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000060 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00
00000070 00 00 00 00 00 00 00 00 00 00
-------- end of BITMAPINFOHEADER
-------- bmiColors array
0000007A ff ff ff 00 color table entry #0
0000007E 00 00 00 00 color table entry #1
-------- Image data
00000082 ff c0 00 00 ff c0 00 00 ff c0 00 00 ff c0
000000a0 00 00 ff c0 00 00 aa 80 00 00
The "number of bits per pixel" at 0000001C is 1:
"1 = The bitmap is monochrome, and the bmiColors member of BITMAPINFO contains two entries. Each bit in the bitmap array represents a pixel. If the bit is clear, the pixel is displayed with the color of the first entry in the bmiColors table; if the bit is set, the pixel has the color of the second entry in the table."
(https://msdn.microsoft.com/en-us/library/dd183376(v=vs.85).aspx)
and the number of colors in the array is reported to be 2. So the bmiColors array contains 2 elements in Microsoft's RGBQUAD format, with values in the odd order Blue, Green, Red, and Reserved.
In short: in your image, a pixel value of 0 (a 0 bit in a monochrome image) is FFFFFF: white, and a pixel value of 1 is 000000: black.

SCL011 contactless Card Reader and Mifare 1k(classic) authentification

I have SCL011 Card Reader and need to read/write Mifare 1k cards. But I just can't get over Authentification step....
Card Reader should handle Mifare 1k cards:
Antenna ISO/IEC 14443 compliant design
Baudrate up to 848 Kbps
Supported standards:
ISO/IEC 14443-4 Typ A & B
MIFARE: Classic 1K and 4K, DESFire, Ultralight, MIFARE Plus
FeliCa™
NFC forum tag type 1, 2, 3, 4
iCLASS UID*
I have also updated to the latest firmware (1.20)
http://support.identive-group.com/dfu_fw.php?OS=windows&readerno=85
card is connected and I can read the UID of the card with ff ca 00 00 00
I have also tried to read the sector directly without authorization ff b0 00 00 10 and I get message:
69 82 : Command not allowed. Security status not satisfied.
it means I need authorize myself, but if I try ff 82 00 00 06 ff ff ff ff ff ff or any other standard keys I always get back:
69 88 : Command not allowed. SM data objects incorrect.
funny thing is, that I can read and write this card without problems with my Nexus and Lumia phones...
What I'm doing wrong? Thanks for any help!
keys I have already tried:
* ff 82 00 00 06 ff ff ff ff ff ff
* ff 82 00 00 06 a0 b0 c0 d0 e0 f0
* ff 82 00 00 06 a1 b1 c1 d1 e1 f1
* ff 82 00 00 06 a0 a1 a2 a3 a4 a5
* ff 82 00 00 06 b0 b1 b2 b3 b4 b5
* ff 82 00 00 06 4d 3a 99 c3 51 dd
* ff 82 00 00 06 1a 98 2c 7e 45 9a
* ff 82 00 00 06 00 00 00 00 00 00
* ff 82 00 00 06 d3 f7 d3 f7 d3 f7
* ff 82 00 00 06 aa bb cc dd ee ff

Solution: Please google/search "Multiprotocol contactless mobile reader, Reference manual" or "SCL01X Multiprotocol contactless stationary reader".
It is a very nice references to start with SCL reader's APDUs. There are some examples inside.
Answer: In your case P2 value in the APDU Command incorrect and you got SW1SW2 = 0x6988 - "Key number not valid".
Where P2 can have the following values (please refer to MIFARE documentation from NXP for
further details on what is key A and Key B):
• 0x60 to use the Key A
• 0x61 to use the Key B

How to solve "Error 13 while loading file" when using Qemu?

I write the following bytes into a file named disk.img
FA 8D 36 1B 7C E8 01 00 F4 AC 3C 00 74 0C B4 0E
BB 07 00 B9 01 00 CD 10 EB EF C3 4D 61 79 20 74
68 65 20 66 6F 72 63 65 20 62 65 20 77 69 74 68
20 79 6F 75 21 0D 0A 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
..enough zero to make the size of file 512bytes.
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA
The above bytes are proper instructions and magic number that should work when loading into the boot sector. But after I executed "qemu-X86_64 disk.img", error happens.
Error -13 while loading disk.img
Does anyone know how to solve the problem or what is the reason that might lead to this error?
Thank you!

I don't know if you can fill an image with just anything and expect it to work just because you have 55 AA in the correct place. Since you seem to be writing a bootloader make sure your code thinks it is executing at the correct place. It should be in offset 0x7C00 (if I remember this correctly, double check that). You set it by writing the line [org 0x7C00] at the top of your assembly file.
Also I'm not sure you can have only a 512 byte file. Try to make the disk image bigger than that using something like dd if=/dev/zero of=disk.img bs=512 count=2000 and then just copy your bootloader to the first part of the disk using dd again.
Also, you should use the -hda or -fda tags, so it would be qemu -hda disk.img. -hda means hard drive image, and -fda means floppy disk image.

sed extract data from dos text file convert to csv

I need to pull RAM information from several cpuz reports and put them into a csv for reporting reasons.
below is an example text file (snipped) which contains the text i want to extract.
I want to extract all the text following the lines beginning with DIMM but only where the next line begins with tab and SMBus address, and going down to nominal voltage. I'd then like to split them into columns (although I only really care about the type, size and max bandwidth)
the resultant csv would have the following columns (and 2 rows in this example)
computer name (from file name), Dimm #, smbus address, memory type, manufacturer, etc.
However I have fallen at the first, extraction phase. I was using sed but fell over at this multiline command:
sed -n -e 'N;/DIMM #\t*[0-9]\r\n\t/,/Nominal/p' cpuz-FHD505.txt
for some reason it only picks up the DIMM #2 block.
what sed statement should I use to just give me the two dimm blocks up to the line including Nominal voltage?
to be honest I'm probably going to give up and write this in python anyway as I'm more familiar, but I'd love to know where I've screwed up on this multiline sed statement.
cpuz output:-
Chipset
-------------------------------------------------------------------------
Northbridge Intel i845G rev. A1
Southbridge Intel 82801DB (ICH4) rev. 01
Memory Type DDR
Memory Size 1024 MBytes
Memory Frequency 132.9 MHz (1:1)
CAS# latency (CL) 2.0
RAS# to CAS# delay (tRCD) 3
RAS# Precharge (tRP) 3
Cycle Time (tRAS) 6
DRAM Idle Timer 16
Memory SPD
-------------------------------------------------------------------------
DIMM # 1
SMBus address 0x50
Memory type DDR
Manufacturer (ID) Infineon (C1494E46494E454F)
Size 512 MBytes
Max bandwidth PC2700 (166 MHz)
Part number 64D64320GU6B
Serial number 075ADD21
Manufacturing date Week 56/Year 03
Number of banks 2
Data width 64 bits
Correction None
Registered no
Buffered no
Nominal Voltage 2.50 Volts
EPP no
XMP no
JEDEC timings table CL-tRCD-tRP-tRAS-tRC # frequency
JEDEC #1 2.0-3-3-6-n.a. # 133 MHz
JEDEC #2 2.5-3-3-7-n.a. # 166 MHz
DIMM # 2
SMBus address 0x51
Memory type DDR
Manufacturer (ID) Samsung (CE00000000000000)
Size 512 MBytes
Max bandwidth PC2700 (166 MHz)
Part number M3 68L6423ETN-CB3
Serial number 060EFC37
Manufacturing date Week 54/Year 04
Number of banks 2
Data width 64 bits
Correction None
Registered no
Buffered no
Nominal Voltage 2.50 Volts
EPP no
XMP no
JEDEC timings table CL-tRCD-tRP-tRAS-tRC # frequency
JEDEC #1 2.0-3-3-6-n.a. # 133 MHz
JEDEC #2 2.5-3-3-7-n.a. # 166 MHz
DIMM # 1
SPD registers
00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00 80 08 07 0D 0A 02 40 00 04 60 70 00 82 08 00 01
10 0E 04 0C 01 02 20 C0 75 70 00 00 48 30 48 2A 40
20 75 75 45 45 00 00 00 00 00 3C 48 30 2D 55 00 00
30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01
40 C1 49 4E 46 49 4E 45 4F 08 36 34 44 36 34 33 32
50 30 47 55 36 42 20 20 20 20 20 20 01 4A 03 38 07
60 5A DD 21 00 00 00 00 00 00 00 00 00 00 00 00 00
70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
80 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
90 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
A0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
B0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
C0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
D0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
DIMM # 2
SPD registers
00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00 80 08 07 0D 0A 02 40 00 04 60 70 00 82 08 00 01
10 0E 04 0C 01 02 20 C0 75 70 00 00 48 30 48 2A 40
20 80 80 45 45 00 00 00 00 00 3C 48 30 2D 55 00 00
30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 27
40 CE 00 00 00 00 00 00 00 01 4D 33 20 36 38 4C 36
50 34 32 33 45 54 4E 2D 43 42 33 20 4E 45 04 36 06
60 0E FC 37 00 58 39 42 36 37 30 30 00 00 00 00 00
70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
80 00 03 B2 10 09 19 FF FF FF FF FF 05 12 05 FF FF
90 00 03 B2 10 09 39 FF FF FF FF FF 02 20 18 FF FF
A0 00 03 B2 10 09 19 FF FF FF FF FF 04 23 54 FF FF
B0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
C0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
D0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
Monitoring
-------------------------------------------------------------------------
Mainboard Model 07E4h (0x00000148 - 0x00024680)
LPCIO
-------------------------------------------------------------------------
LPCIO Vendor SMSC
LPCIO Vendor ID 0x55
LPCIO Chip ID 0x6D
Config Mode I/O address 0x2E
Config Mode LDN 0x8
Config Mode registers
00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 00
10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
20 6D 01 09 00 04 00 2E 00 00 00 00 00 00 00 00 00
30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Hardware Monitors
-------------------------------------------------------------------------
Hardware monitor SMSC EMC6D10X
Voltage 0 0.00 Volts [0x0] (+1.5V)
Voltage 1 1.47 Volts [0x7D] (CPU VCORE)
Voltage 2 3.26 Volts [0xBE] (ATX +3.3V)
Voltage 3 5.10 Volts [0xC4] (ATX +5V)
Voltage 4 11.98 Volts [0xBF] (ATX +12V)
Temperature 0 0°C (32°F) [0x0] (Diode 1)
Temperature 1 24°C (75°F) [0x18] (Internal)
Temperature 2 33°C (91°F) [0x21] (Diode 2)
Fan 0 1455 RPM [0xE7F] (FANIN0)
Register space SMBus, base address = 0x0FC00
SMBus request channel 0x0, address 0x2E
output:
DIMM # 2
SMBus address 0x51
Memory type DDR
Manufacturer (ID) Samsung (CE00000000000000)
Size 512 MBytes
Max bandwidth PC2700 (166 MHz)
Part number M3 68L6423ETN-CB3
Serial number 060EFC37
Manufacturing date Week 54/Year 04
Number of banks 2
Data width 64 bits
Correction None
Registered no
Buffered no
Nominal Voltage 2.50 Volts
EPP no

Give this a try:
sed -n ':a; /^DIMM/,/^[[:blank:]]*Nominal Voltage/ N; /^DIMM/,/[[:blank:]]*Nominal Voltage/ ! d ;/[[:blank:]]*Nominal Voltage/ {/[[:blank:]]*Nominal Voltage/p;d}; ba' cpuz-FHD505.txt

awk -vRS="" -F"\n" '/DIMM/&&$2~/SMBus/{
for(i=1;i<=NF;i++) {
print $i
# from here, you process the columns you need
}
}' file