|
|
|
|
|
|
by ipython
4322 days ago
|
|
|
Neat. Just tried downloading an installer and figured out that it's using the unauthenticatedAttributes structure of the Authenticode signature. These attributes are not part of the signedAttributes which is used to actually authenticate the signature. A quick dump of the asn.1 structure of the authenticode signature block from my installer shows that right after the timestamp extension is a new object with a private OID (presumably assigned to dropbox for this purpose) that includes a unique string. 6519 11: OBJECT IDENTIFIER '1 3 6 1 4 1 42921 1 2 1'
6532 1049: SET {
6536 1045: UTF8String
: 'Dropbox-Installer-Id:DBPREAUTH::msie::xxxx..........................................' Interesting hack, kudos! |
|
|