checksig.ps1
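param (
    [string]$FILENAME,
    [string]$SIGFILE,
    [string]$HASHTYPE = "SHA256",
    [switch]$_VERBOSE = $false
)
# checksig.ps1 - hash a file and compare the result with an expected hash
# stored in a text file.
#
# Runs on Windows 10, Powershell 5.1
# Example usage(s):
# .\checksig.ps1 -filename .\ProgramFilename.exe -sigfile .\SignatureFilename.txt -hashtype SHA256 -v
# .\checksig.ps1 -sigfile SignatureFilename.txt -filename ProgramFilename.exe
# NOTE(review): "-v" does not appear to bind to $_VERBOSE (the name starts with
# an underscore, so "-v" is not a prefix of it); "-_VERBOSE" should - confirm.
#
# Exit codes:
#   0  hashes match
#   1  hashes do not match
#   2  the file to check or the signature file does not exist
#   3  unsupported hash algorithm
#   4  the file could not be hashed, or the signature file could not be read
#      or holds no hash value
#
# Security notes:
# - The "signature" here is a plain hash, not a digital signature. A match
#   shows the file equals whatever the expected hash describes; it says nothing
#   about who produced the file. The expected hash must come from a source that
#   is trusted independently of the download itself.
# - MD5 and SHA1 are accepted for compatibility only; neither is collision
#   resistant, so prefer SHA256 or stronger.
#
# TODO: make sure that quoted filenames and filenames with spaces work
# TODO: accept either a file containing a signature to compare, or the signature directly
$_DEBUG = $False;
$SIG_O = "";
$SIG_F = "";
# Algorithms this script accepts. MD2 and MD4 were listed when the script used
# CertUtil, but Get-FileHash cannot compute them, so they are rejected up front.
$SUPPORTED_HASHTYPES = @("MD5", "SHA1", "SHA256", "SHA384", "SHA512");

# Validate input.
# -LiteralPath stops characters such as [ ] * ? in a filename from being treated
# as wildcards, so the file that is checked is exactly the file that was named.
# -PathType Leaf rejects directories. The empty-string test is needed because
# Test-Path raises a binding error on an empty path and the check would be skipped.
if ( [string]::IsNullOrEmpty($FILENAME) -or !( Test-Path -LiteralPath $FILENAME -PathType Leaf ) )
{
    Write-Host "File to check does not exist.";
    exit 2;
}
if ( [string]::IsNullOrEmpty($SIGFILE) -or !( Test-Path -LiteralPath $SIGFILE -PathType Leaf ) )
{
    Write-Host "Signature file does not exist.";
    exit 2;
}
# -notcontains compares case-insensitively, like the original -ne chain.
if ( $SUPPORTED_HASHTYPES -notcontains $HASHTYPE )
{
    Write-Host "The hash algorithm must be specified as one of the following:";
    Write-Host "MD5, SHA1, SHA256, SHA384, SHA512";
    exit 3;
}
if ( $_DEBUG )
{
    Write-Host "Filename: $FILENAME";
    Write-Host "Signature file: $SIGFILE";
    Write-Host "Hash algorithm: $HASHTYPE";
}
if ( $_VERBOSE )
{
    Write-Host "Using hash type $HASHTYPE";
}
if ( @("MD5", "SHA1") -contains $HASHTYPE )
{
    Write-Warning "$HASHTYPE is not collision resistant; use SHA256 or stronger where possible.";
}

# Generate the hash of the file.
# In Windows PowerShell 5.1, $? is always True after a parenthesised expression,
# so the original "if ( `$? )" test could never see a Get-FileHash failure. A
# failed hash then became an empty string, and an empty signature file would
# have been reported as a match. -ErrorAction Stop with try/catch fails closed.
try
{
    $_OUT_CERTUTIL = (Get-FileHash -LiteralPath $FILENAME -Algorithm $HASHTYPE -ErrorAction Stop).Hash
}
catch
{
    Write-Host "Get-FileHash encountered an error: `n$($_.Exception.Message)";
    exit 4;
}

# Read the expected hash. -Raw returns the file as one string, so a file with
# extra blank lines is not turned into an array (which would be joined with
# spaces during comparison and never match).
try
{
    $SIG_O = Get-Content -LiteralPath $SIGFILE -Raw -ErrorAction Stop
}
catch
{
    Write-Host "Signature file could not be read: `n$($_.Exception.Message)";
    exit 4;
}

# Remove all whitespace from both values before comparing.
$SIG_F = "$_OUT_CERTUTIL" -replace '\s',''
$SIG_O = "$SIG_O" -replace '\s',''

# Never compare empty values: two empty strings are equal, which would turn a
# missing hash into a reported match.
if ( $SIG_F -eq "" )
{
    Write-Host "Get-FileHash encountered an error: `nno hash value was produced.";
    exit 4;
}
if ( $SIG_O -eq "" )
{
    Write-Host "Signature file does not contain a hash value.";
    exit 4;
}

if ( $_DEBUG )
{
    Write-Host "$SIG_F"
    Write-Host "$SIG_O"
}

# Compare the hashes and output the result. -eq on strings is case-insensitive,
# so upper- and lower-case hex digits compare equal.
$SIG_MATCH = ( $SIG_F -eq $SIG_O )
if ( $SIG_MATCH )
{
    Write-Host "Signatures match."
}
else
{
    Write-Host "Signatures did not match."
}
if ( $_VERBOSE )
{
    Write-Host "Generated signature, followed by the signature provided as a parameter:"
    Write-Host "$SIG_F"
    Write-Host "$SIG_O"
}

# Report the result through the exit code so that calling scripts and CI jobs
# can act on a mismatch without parsing the console text.
if ( $SIG_MATCH )
{
    exit 0;
}
exit 1;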