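def print_signature(binary):
    """Print the signature metadata exposed by ``binary.signature``.

    Returns immediately when ``binary.has_signature`` is false. The report is
    informational only: this function does not verify the signature, the
    certificate chain, revocation status or the validity period, so a
    populated report is not evidence that the file can be trusted.

    Args:
        binary: Parsed binary object providing ``has_signature`` and
            ``signature`` (content info, certificates, signer info).

    Returns:
        None. Everything is written to standard output.
    """
    if not binary.has_signature:
        return

    row_text = "{:<33} {:<30}"
    row_int = "{:<33} {:<30d}"

    def clean(value):
        # Issuer, subject, program name and URL come straight from the file
        # under analysis. Escape non-printable characters so that embedded
        # terminal control sequences cannot rewrite or hide report lines.
        return "".join(
            ch if ch.isprintable() else ch.encode("unicode_escape").decode("ascii")
            for ch in str(value)
        )

    def stamp(fields):
        # assumes fields are [year, month, day, hour, minute, second], as
        # the 3/3 split below implies -- TODO confirm against the parser
        return "-".join(map(str, fields[:3])) + " " + ":".join(map(str, fields[3:]))

    signature = binary.signature
    print("== Signature ==")
    print(row_int.format("Version:", signature.version))
    print(row_text.format("Digest Algorithm:", oid_to_string(signature.digest_algorithm)))
    print("")

    print("-- Content Info --")
    content_info = signature.content_info
    print(row_text.format("Content Type:", oid_to_string(content_info.content_type)))
    print(row_text.format("Type:", oid_to_string(content_info.type)))
    print(row_text.format("Digest Algorithm:", oid_to_string(content_info.digest_algorithm)))
    print("")

    print("-- Certificates --")
    for crt in signature.certificates:
        serial = ":".join("{:02x}".format(octet) for octet in crt.serial_number)
        print(row_int.format("Version:", crt.version))
        print(row_text.format("Serial Number:", serial))
        print(row_text.format("Signature Algorithm:", oid_to_string(crt.signature_algorithm)))
        print(row_text.format("Valid from:", stamp(crt.valid_from)))
        print(row_text.format("Valid to:", stamp(crt.valid_to)))
        print(row_text.format("Issuer:", clean(crt.issuer)))
        print(row_text.format("Subject:", clean(crt.subject)))
        print("")

    print("-- Signer Info --")
    signer_info = signature.signer_info
    issuer_str = " ".join(
        oid_to_string(entry[0]) + " = " + entry[1] for entry in signer_info.issuer[0]
    )
    attributes = signer_info.authenticated_attributes

    print(row_int.format("Version:", signer_info.version))
    print(row_text.format("Issuer:", clean(issuer_str)))
    print(row_text.format("Digest Algorithm:", oid_to_string(signer_info.digest_algorithm)))
    print(row_text.format("Signature algorithm:", oid_to_string(signer_info.signature_algorithm)))
    # Printed as text: calling .encode('utf-8') here yields bytes on
    # Python 3, and bytes reject the "{:<30}" width spec with a TypeError.
    print(row_text.format("Program name:", clean(attributes.program_name)))
    print(row_text.format("Url:", clean(attributes.more_info)))
    print("")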
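def _printable(value):
    """Return ``str(value)`` with non-printable characters backslash-escaped."""
    # Certificate strings are read from the sample being analysed; escaping
    # control characters keeps embedded terminal sequences from altering the
    # report (for example by overwriting the validity marker).
    return "".join(
        ch if ch.isprintable() else ch.encode("unicode_escape").decode("ascii")
        for ch in str(value)
    )


def _cert_datetime(fields):
    """Convert a certificate date field list to a naive datetime, or None."""
    # assumes fields are [year, month, day, hour, minute, second], as the
    # 3/3 split used for display implies -- TODO confirm against the parser
    try:
        return datetime.datetime(*fields[:6])
    except (TypeError, ValueError, OverflowError):
        # Malformed dates in a crafted certificate must not abort the report.
        return None


def _print_certificate(cert):
    """Print version, serial, algorithm, validity, issuer and subject."""
    row_text = "{:<33} {:<30}"
    row_int = "{:<33} {:<30d}"

    def label(text):
        return colors.WHITE + text + colors.DEFAULT

    def stamp(fields):
        return "-".join(map(str, fields[:3])) + " " + ":".join(map(str, fields[3:]))

    serial = ":".join("{:02x}".format(octet) for octet in cert.serial_number)
    print(row_int.format(label("Version:"), cert.version))
    print(row_text.format(label("Serial Number:"), serial))
    print(row_text.format(label("Signature Algorithm:"),
                          oid_to_string(cert.signature_algorithm)))
    print(row_text.format(label("Valid from:"), stamp(cert.valid_from)))
    print(row_text.format(label("Valid to:"), stamp(cert.valid_to)))
    print(row_text.format(label("Issuer:"), _printable(cert.issuer)))
    print(row_text.format(label("Subject:"), _printable(cert.subject)))
    print('\n')


def get(malware, csv):
    """Report the certificates embedded in *malware* and record a CSV flag.

    Each certificate is labelled "Valid" or "Invalid" according to its
    validity period only. No signature, chain, trust-anchor or revocation
    check is performed, so "Valid certificate" means "not expired and already
    in effect", not "trusted": stolen, self-signed or revoked certificates
    inside their validity window are still labelled valid.

    Args:
        malware: Path of the file handed to ``lief.parse``.
        csv: Writable object; receives ``"1,"`` when the file carries a
            signature and ``"0,"`` otherwise.

    Returns:
        None.
    """
    print(colors.WHITE + "\n------------------------------- {0:^13}{1:3}".format(
        "CERTIFICATE", " -------------------------------") + colors.DEFAULT)

    binary = lief.parse(malware)
    # A file the parser cannot handle is reported like an unsigned one
    # instead of failing on the attribute lookup.
    if binary is None or not binary.has_signature:
        print(colors.RED + "[X]" + colors.DEFAULT + " None")
        csv.write("0,")
        return

    # X.509 validity times are UTC, so compare against UTC rather than local
    # time, and use the full timestamp so a certificate is not treated as
    # expired from midnight of its last day.
    now = datetime.datetime.now(datetime.timezone.utc).replace(tzinfo=None)

    for cert in binary.signature.certificates:
        not_before = _cert_datetime(cert.valid_from)
        not_after = _cert_datetime(cert.valid_to)
        in_window = (
            not_before is not None
            and not_after is not None
            and not_before <= now <= not_after
        )
        if in_window:
            print(colors.GREEN + "[" + '\u2713' + "]" + colors.DEFAULT + " Valid certificate")
        else:
            print(colors.RED + "[X]" + colors.DEFAULT + " Invalid certificate")
        _print_certificate(cert)

    # Written once per file, after the loop, so the row keeps a single
    # signature column however many certificates the file embeds.
    csv.write("1,")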