forums.wsusoffline.net

[WSUSUpdateAdmin]

Hi.

I'll look after that.

RTW

[Preyr]

k thx

[WSUSUpdateAdmin]

Hi.

Will it change?

As I see, you put this software into slices and get unpredictable results, which is not surprising.
Whatever I do, even on a plain, non-patched W7 system without network connectivity, I get:

Code: Select all

C:\Users\Administrator\Desktop>sigcheck.exe wsusscn2.cab

Sigcheck v2.50 - File version and signature viewer
Copyright (C) 2004-2016 Mark Russinovich
Sysinternals - www.sysinternals.com

C:\Users\Administrator\Desktop\wsusscn2.cab:
        Verified:       Signed
        Signing date:   07:16 09.02.2016
        Publisher:      Microsoft Corporation
        Company:        n/a
        Description:    n/a
        Product:        n/a
        Prod version:   n/a
        File version:   n/a
        MachineType:    n/a


or:

Code: Select all

C:\Users\Administrator\Desktop>sigcheck.exe -q -c wsusscn2.cab
Path,Verified,Date,Publisher,Company,Description,Product,Product Version,File Version,Machine Type
"C:\Users\Administrator\Desktop\wsusscn2.cab","Signed","07:16 09.02.2016","Microsoft Corporation","n/a","n/a","n/a","n/a","n/a","n/a"


Therefore, I can't see any reason to change the code right now.

RTW

[Preyr]

I was already suspecting the significance of SHA-1 deprecation.

I am rather now questioning why WSUSOU does not check the "Verified" string of sigcheck output. WSUSOU outputs "verified" but does not verify anything at the time of downloading.

[hbuhrmester]

I guess, the point was, that Sigcheck may generate various messages, some of which may even be localized:

Code: Select all

Signed
Unsigned
The digital signature of the object did not verify.
Die digitale Signatur des Objekts konnte nicht bestätigt werden.
Invalid parameter.
Ungültiger Parameter.
Error -2146762495 (0x800b0101)

To show the message "The digital signature of the object did not verify.", you need to take an hexadecimal editor and overwrite some bytes of the file, thus damaging it.

The message "Invalid parameter." is shown for very small files of two bytes length, which consist of one space and one line feed.

The last error message probably means an expired certificate.

Now, if the script only searches for "Unsigned" in the Sigcheck output, it will miss all other messages and possibly generate false negatives.

Alternatives for Sigcheck

Since all supported systems come with some version of the .NET Framework preinstalled, the tools certmgr and chktrust may become an alternative:

Signing and Checking Code with Authenticode
https://msdn.microsoft.com/en-us/librar ... 85%29.aspx

[WSUSUpdateAdmin]

Hi.

Sorry for delay!
I forgot this topic and was just remembered by viewtopic.php?f=4&t=5720.

http://trac.wsusoffline.net/browser/trunk (r786).

Regards,
T. Wittrock

[Preyr]

Thank you for your work.