
I have a PE binary with a digital signature. I want to get the original PE hash (not the hash of the whole file).

I can't figure out how to read it from the file. The Authenticode spec suggests the PKCS#7 signature block (e.g. the Attribute Certificate Table) has a ContentInfo field that contains the original PE hash. Unfortunately, Microsoft doesn't define a ContentInfo structure. Nor does the PKCS#7 spec.

Recalculating the hash won't help if the file was tampered with.

Benoit Esnard
dockd
  • I'm not familiar with the acronym "PE", can you expand so I learn something? :) – Mike Ounsworth Aug 14 '18 at 17:32
  • @Mike Ounsworth PE in a 'binary file' context stands for Portable Executable, aka the Windows Portable Executable file format (.exe-files). https://en.m.wikipedia.org/wiki/Portable_Executable – Nomad Aug 14 '18 at 18:05

1 Answer

PKCS7 (aka CMS) most certainly does define the generic ContentInfo. See rfc2630 section 3 et succ, or rfc2315 section 7 (no anchor to link):

  ContentInfo ::= SEQUENCE {
        contentType ContentType,
        content [0] EXPLICIT ANY DEFINED BY contentType }

  ContentType ::= OBJECT IDENTIFIER

But this is deliberately so flexible as to be useless in processing the data: it can contain any type of data as long as there is an OID to identify that type of data.

You aren't clear on your source, but my first google hit for "Authenticode signature format" is download.microsoft.com/download/9/c/5/9c5b2167-8017.../Authenticode_PE.docx and that says on page 7 regarding the contentInfo of the SignedData used for Authenticode:

• contentType must be set to SPC_INDIRECT_DATA_OBJID (1.3.6.1.4.1.311.2.1.4).
• content must be set to an SpcIndirectDataContent structure, which is described later.

and from page 9 to 11 (which is indeed later) contains a detailed definition beginning with

SpcIndirectDataContent ::= SEQUENCE {
    data                    SpcAttributeTypeAndOptionalValue,
    messageDigest           DigestInfo
} --#public--

SpcAttributeTypeAndOptionalValue ::= SEQUENCE {
    type                    ObjectID,
    value                   [0] EXPLICIT ANY OPTIONAL
}

where the DigestInfo contains the AlgId and digest value for a canonical hash of the file computed using a process detailed starting on page 15.

dave_thompson_085
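The walk the answer describes (ContentInfo → SignedData → contentInfo with SPC_INDIRECT_DATA_OBJID → SpcIndirectDataContent → messageDigest DigestInfo), as an added Python example that is not part of the question or the answer. It uses a small hand-written DER reader rather than a library, builds a constructed WIN_CERTIFICATE entry whose SignedData has empty certificates and signerInfos (only the hash path matters here), and reads back the algorithm OID and digest. The OIDs and the WIN_CERTIFICATE header layout (dwLength, wRevision, wCertificateType, bCertificate) come from the Authenticode and PE specs; the function and variable names are this example's own.

```python
import hashlib
import struct

# OIDs named in the Authenticode spec and in CMS/PKCS#7
ID_SIGNED_DATA = "1.2.840.113549.1.7.2"
SPC_INDIRECT_DATA_OBJID = "1.3.6.1.4.1.311.2.1.4"
SPC_PE_IMAGE_DATA_OBJID = "1.3.6.1.4.1.311.2.1.15"
ID_SHA256 = "2.16.840.1.101.3.4.2.1"

# ---- minimal DER helpers (enough for the structures walked below) ----

def _der_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def tlv(tag, body):
    return bytes([tag]) + _der_len(len(body)) + body

def seq(*parts):
    return tlv(0x30, b"".join(parts))

def oid(dotted):
    """Encode a dotted OID as a DER OBJECT IDENTIFIER TLV."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.insert(0, (a & 0x7F) | 0x80)
            a >>= 7
        body += bytes(chunk)
    return tlv(0x06, bytes(body))

def der_read(buf, pos=0):
    """Read one TLV at pos; return (tag, value, position after it)."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + ln], pos + ln

def der_children(body):
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = der_read(body, pos)
        out.append((tag, val))
    return out

def oid_decode(body):
    arcs, v = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        v = (v << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(v)
            v = 0
    return ".".join(map(str, arcs))

# ---- the walk the answer describes ----

def win_certificate_payload(entry):
    """Strip the WIN_CERTIFICATE header from one Attribute Certificate Table
    entry and return bCertificate (the PKCS#7 SignedData blob)."""
    length, _revision, cert_type = struct.unpack_from("<IHH", entry, 0)
    if cert_type != 0x0002:  # WIN_CERT_TYPE_PKCS_SIGNED_DATA
        raise ValueError("not a PKCS#7 SignedData entry")
    return entry[8:length]

def authenticode_digest(pkcs7):
    """Return (digest algorithm OID, digest bytes) taken from
    ContentInfo -> SignedData -> contentInfo -> SpcIndirectDataContent -> messageDigest."""
    _, content_info, _ = der_read(pkcs7)
    content_type, explicit = der_children(content_info)
    if oid_decode(content_type[1]) != ID_SIGNED_DATA:
        raise ValueError("outer ContentInfo is not SignedData")
    _, signed_data, _ = der_read(explicit[1])      # [0] EXPLICIT wraps the SEQUENCE
    fields = der_children(signed_data)              # version, digestAlgorithms, contentInfo, ...
    inner_type, inner_explicit = der_children(fields[2][1])
    if oid_decode(inner_type[1]) != SPC_INDIRECT_DATA_OBJID:
        raise ValueError("encapsulated content is not SpcIndirectDataContent")
    _, spc, _ = der_read(inner_explicit[1])
    _data, message_digest = der_children(spc)       # SpcAttributeTypeAndOptionalValue, DigestInfo
    alg_id, digest = der_children(message_digest[1])
    alg_oid = der_children(alg_id[1])[0]
    return oid_decode(alg_oid[1]), digest[1]

# ---- constructed sample (not a real signature): only the hash path is filled in ----

SAMPLE_IMAGE_HASH = hashlib.sha256(b"constructed PE image bytes").digest()

def build_sample_entry(image_hash=SAMPLE_IMAGE_HASH):
    alg = seq(oid(ID_SHA256), tlv(0x05, b""))                    # AlgorithmIdentifier
    spc = seq(
        seq(oid(SPC_PE_IMAGE_DATA_OBJID)),                       # value omitted (OPTIONAL)
        seq(alg, tlv(0x04, image_hash)),                          # DigestInfo
    )
    signed_data = seq(
        tlv(0x02, b"\x01"),                                       # version
        tlv(0x31, alg),                                           # digestAlgorithms SET
        seq(oid(SPC_INDIRECT_DATA_OBJID), tlv(0xA0, spc)),        # contentInfo
        tlv(0x31, b""),                                           # signerInfos (empty here)
    )
    pkcs7 = seq(oid(ID_SIGNED_DATA), tlv(0xA0, signed_data))
    return struct.pack("<IHH", 8 + len(pkcs7), 0x0200, 0x0002) + pkcs7

if __name__ == "__main__":
    alg, digest = authenticode_digest(win_certificate_payload(build_sample_entry()))
    print(alg, digest.hex())
```

On a real file the entry passed to `win_certificate_payload` is the blob at the Certificate Table data directory (IMAGE_DIRECTORY_ENTRY_SECURITY, a file offset rather than an RVA); the digest this returns is the signed claim about the image, and comparing it against a freshly computed Authenticode hash, after verifying the signature chain, is what tells you whether the file was tampered with.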