mraeryceos Posted January 30, 2015
When I take the hash of a file, and compare it with the hash in the Security Catalog, it doesn't match up. Maybe the hash listed in the catalog is not of the whole file, just important parts of the file? If so, is there a tool that will calculate the hash in the Microsoft way? I could use makecat, but it is a pain having to make a text file before getting the hash. I haven't tried it yet, so neither do I know if it will work. Also, I can see a list of hashes in the cat file, but I don't know the corresponding filenames. Is there a cat file viewer that lists the filenames that correspond with the hashes?
MagicAndre1981 Posted January 30, 2015
Which hash have you calculated? This should be the SHA-1 hash which MS uses.
mraeryceos Posted January 31, 2015
I calculated SHA-1, using a program called Hash. I searched for this hash inside the cat files, using a program that searches within files, but can't find it. If I search with this program for a hash I know is in one of the cat files, I can find it.
Edited January 31, 2015 by mraeryceos
mraeryceos Posted January 31, 2015
Hopefully with the last edit, what I was trying to say makes sense!
MagicAndre1981 Posted January 31, 2015
Also try to calculate MD5 and SHA-256.
mraeryceos Posted January 31, 2015
http://en.wikipedia.org/wiki/Secure_Hash_Algorithm
The hashes in the Security Catalog are SHA1 in length.
Glenn9999 Posted January 31, 2015
> I calculated SHA-1, using a program called Hash.
Where might one obtain this program? I get the feeling that checking its output against a known good SHA-1 generator will reveal this "Hash" program to be in error, if you are getting the values right out of the security catalogs.
mraeryceos Posted February 1, 2015
http://www.keir.net/hash.html
I took the hash of shell32.dll.mui, that I pulled from a zh-tw language pack
File Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modified: Saturday, November 20, 2010, 6:21:18 AM
MD5: 20AA0D4DB61152CBC4D9A96964A98A48
SHA1: 33217BEE852DAE99DD89CC62554F74EBAE8A960C
CRC32: 723E04A0
I searched for the SHA1 within all the files in the lp.cab. No result.
I opened one cat file at random, then copied one of the hashes from it, and searched again in lp.cab for this hash string: result is the cat file from which I copied the hash.
Maybe they don't include the PE headers in the hash calculation?
Edited February 1, 2015 by mraeryceos
mraeryceos Posted February 4, 2015
Maybe this: http://pev.sourceforge.net/doc/manual/en_us/ch05s03.html
Not sure what a "section" would be.
mraeryceos Posted February 6, 2015
Maybe what shows in the security catalogs, are the encrypted versions of the SHA1 hashes? They may be encrypted with a public key, and only MS would have the private key. I don't know, I'm just taking guesses.
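Added example, not part of the thread and not code from any poster or tool named in it: for PE files such as shell32.dll.mui, catalog entries carry the Authenticode image digest, which skips the CheckSum field, the Certificate Table directory entry and any embedded signature, so a flat SHA-1 of the file will not match. The sketch uses the linear form of the calculation, assuming sections are stored in file order and any signature sits at the end of the file; `sample_pe` is a constructed header-only image, not a real binary.

```python
import hashlib
import struct

def authenticode_ranges(pe: bytes):
    """Byte ranges of a PE image covered by the Authenticode digest."""
    if pe[:2] != b"MZ":
        raise ValueError("no MZ header")
    nt = struct.unpack_from("<I", pe, 0x3C)[0]             # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    opt = nt + 24                                          # optional header
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    pe32 = magic == 0x10B
    checksum = opt + 64                                    # CheckSum, 4 bytes
    ndirs = struct.unpack_from("<I", pe, opt + (92 if pe32 else 108))[0]
    if ndirs < 5:                                          # no Certificate Table entry
        return [(0, checksum), (checksum + 4, len(pe))]
    entry = opt + (96 if pe32 else 112) + 4 * 8            # directory entry 4
    cert_off, cert_len = struct.unpack_from("<II", pe, entry)
    end = cert_off if cert_off and cert_len else len(pe)   # embedded signature excluded
    return [(0, checksum), (checksum + 4, entry), (entry + 8, end)]

def authenticode_digest(pe: bytes, algo: str = "sha1") -> str:
    ranges = authenticode_ranges(pe)
    h = hashlib.new(algo)
    for start, end in ranges:
        h.update(pe[start:end])
    if ranges[-1][1] == len(pe):                           # unsigned image:
        h.update(b"\0" * (-len(pe) % 8))                   # zero-pad to 8-byte boundary
    return h.hexdigest().upper()

def sample_pe(checksum: int = 0) -> bytes:
    """Constructed header-only PE32 image (312 bytes), for demonstration."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)       # e_lfanew = 64
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x2102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    struct.pack_into("<I", opt, 64, checksum)              # CheckSum
    struct.pack_into("<I", opt, 92, 16)                    # NumberOfRvaAndSizes
    return dos + coff + bytes(opt)

if __name__ == "__main__":
    for cs in (0, 0x1234):                                 # flat SHA-1 changes, image digest does not
        img = sample_pe(cs)
        print(hashlib.sha1(img).hexdigest().upper(), authenticode_digest(img))
```

Pass `algo="sha256"` for catalogs that list SHA-256 digests; files that are not PE images are hashed flat and need no special handling.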