For Windows users, it is common practice to install anti-virus software, update systems regularly, choose the source of downloads carefully, and double-check that applications are digitally signed by reputable technology companies. However, are these security practices really enough to keep hackers at bay? This chapter may give readers a very different perspective. In this chapter, we will learn about Windows Authenticode specification, reverse-engineering the signature verification function, WinVerifyTrust, and how to hijack well-known digital signatures.

This chapter is based on the public presentation Subverting Trust in Windows given by Matt Graeber, a security researcher at Specter Ops, at the TROOPERS18 conference in 2018. It introduced how to manage trusted certificate authorities (trust providers), the calculation process for signing certificates, the corresponding authentication API, and malicious exploits in the Windows...

Authenticode is a code-signing technology developed by Microsoft that helps users to check the publisher who signed the program. It also ensures that the signed program has not been tampered with by attackers during transport. Additionally, the signature used to sign must be verified by trusted certificate authorities (CAs) to ensure that the file being signed actually comes from the publisher.

For more information, please refer to Microsoft’s public document Authenticode Digital Signatures https://learn.microsoft.com/en-us/windows-hardware/drivers/install/authenticode. This introduction states that Microsoft has designed the Authenticode specification to provide a digital signature mechanism that allows users to verify the code’s integrity. This integrity proves that the program has not been tampered with by hackers or backdoors, but rather that the original program content has been obtained from a trusted company without forgery.

You can find how to call Windows APIs to verify that a program is signed in Microsoft’s public document, Example C Program: Verifying the Signature of a PE File (docs.microsoft.com/en-us/windows/win32/seccrypto/example-c-program--verifying-the-signature-of-a-pe-file). This document provides the complete C/C++ source code, showing how to call the Windows API to verify the validity of a digital signature.

The following example is the winTrust project in the Chapter#9 folder of the GitHub project. In order to save space, this book only extracts the highlighted code; the complete source code should be referred to in the complete project for detailed reading.

Figure 9.2 shows the main entry section. In Figure 9.2, the main entry is quite compact, with a VerifyEmbeddedSignature function that is designed to read in a specified program to verify the validity of the digital signature and prints out the result on the screen:

Figure...

The following example is the signatureThief project in the Chapter#9 folder of the GitHub project. In order to save space, this book only extracts the highlighted code, and the complete source code should be referred to the complete project for detailed reading.

At this point, the first exploit readers may think of, since signed programs must have an Authenticode signature message at the end of their files, is stealing someone else’s Authenticode signature message directly within our malware, which should bypass the authentication process. Let’s put that to the test.

Figure 9.13 shows the functional design for stealing static Authenticode signature information in the signatureThief project:

Figure 9.13 – The rippedCert function

At lines 26-37 of the code is the design of the rippedCert function. It reads the incoming PE file with fopen and fread, parses the Authenticode signature block pointed to by...

For hackers, is the program unforgeable as long as it is digitally signed and validated? In this section, we will discuss how to bypass digital signature verification.

The following example is the signVerifyBypass project in the Chapter#9 folder of the GitHub project. In order to save space, this book only extracts the highlighted code – readers can refer to the complete project for detailed reading.

Figure 9.17 shows a description of the Windows API CryptSIPVerifyIndirectData function from researcher Matt Graeber’s public presentation, Subverting Trust in Windows:

Figure 9.17 – A description of the Windows API CryptSIPVerifyIndirectData function

In this figure, Matt Graeber describes how after a digitally signed executable has extracted the signature information (i.e., the full WIN_CERTIFICATE structure that Security Directory points to) through CryptSIPGetSignedDataMsg, the signature...

In the previous section, we achieved signature verification spoofing by falsifying the system functions in memory. However, up to this point, the spoofing was only done by patching the function from memory. Now that we understand the details of the hash calculation in the Microsoft white paper, we will try to find flaws in the calculation process and bypass the signature verification perfectly.

As we mentioned earlier, in the final section of the Microsoft white paper, Calculating the PE Image Hash, three items are deliberately avoided in the hashing process: Checksum, which can be altered by implanting a signature message, the Security Directory field, which is used for post-filling, and the structure of the signature message block itself. Since the signature message itself cannot be used as part of a fingerprint hash process, and the signed and valid program is considered safe by the Windows trust system (e.g., anti-virus vendors or the system...

This technique is based on the author’s presentation Digital Signature? Nah, You Don’t Care About That Actually ;) at the iThome Information Security Conference CYBERSEC 2020 in Taiwan. It is mainly based on Matt’s research and extension of the security flaws of Windows path normalization to achieve digital signature forgery.

As we mentioned earlier, the system functions for verifying the digital signature, WinVerifyTrust, will internally call the three export functions in Crypt32.dll – CryptSIPDllIsMyFileType, CryptSIPGetSignedDataMsg, and CryptSIPVerifyIndirectData – and verify that a file on the path has a valid digital signature.

In the previous section, we attacked CryptSIPGetSignedDataMsg by forging a digital signature on any program, and we attacked CryptSIPVerifyIndirectData by hiding a backdoor in a signed program file from a fingerprint hash calculation process. In this section, we will...

Applications with digital signatures are often trusted by anti-virus products. In this chapter, we learned about Microsoft’s Authenticode specification and how to hijack well-known digital signatures. We have found ways to bypass the digital signature verification process on Windows systems, including attacking CryptSIPGetSignedDataMsg by forging a digital signature in any program, attacking CryptSIPVerifyIndirectData by hiding a backdoor in the signature structure from the fingerprint calculation process, and attacking CryptSIPVerifyIndirectData by Skipping Normalization. We hope that after reading this chapter, readers will have a very different understanding of digital signatures.