Belphemur / SoundSwitch

C# application to switch default playing device. Download: https://soundswitch.aaflalo.me/
GNU General Public License v2.0

Invalid signature of installer #974

Open pauLee opened 2 years ago

pauLee commented 2 years ago

Describe the bug: Installer reports invalid installer

Version: SoundSwitch v6.4.1

To Reproduce: Steps to reproduce the behavior:

1. After starting the installer error message occurs

image

It has nothing to do with a false positive virus detection, like said in issue #950

Belphemur commented 2 years ago

Hello,

Which version of Windows are you running?

I've never been able to reproduce this issue.

Can you also attach the logs?

%appdata%/SoundSwitch/logs


pauLee commented 2 years ago

soundswitch20220803.log

It's Windows 10 21H2 (Build 19044.1826)

Belphemur commented 2 years ago

Can you give me all the log files? The last one doesn't contain enough details. All I can see is that SoundSwitch got updated in the end.

pauLee commented 2 years ago

soundswitch20220801.log soundswitch20220802.log

More log files I don't have.

You see the update was done because I did it manually by downloading the latest version and ignoring the Defender warning about the unknown publisher.

pauLee commented 2 years ago

I use a tool at work, it's called VMware DEM (for managing user profiles in non-persistent VDI environments), this tool is able to read signatures of executables ... I compared the older working version 6.2.3 of SoundSwitch and the versions 6.4 and 6.4.1 and it tells me also that versions 6.4 and 6.4.1 have no publisher information (no signature).

Version 6.2.3 with valid signature:

image

Version 6.4 without signature:

image

Belphemur commented 2 years ago

The tool you're using isn't reporting properly the different signatures present on the executable. You can see on VirusTotal I double sign every installer (and executable) with my own CA and a proper recognized CA:

https://www.virustotal.com/gui/file/69430dd3e1b249400f18df0641594834736b5f0e0f2890f77f038d4789c577dd/details

sucellusX commented 2 years ago

I'm having the same issue trying to update to 6.4.2. I have 6.3.0 installed. I'm also running Win 10.

The log is not particularly exciting:

[09:49:03.754 INF][32]{ } Checking version "Name: SoundSwitch v6.4.2, TagName: v6.4.2, Prerelease: False, PublishedAt: 8/9/2022 12:33:52 AM" (at SoundSwitch.Framework.Updater.UpdateChecker.ProcessAndNotifyRelease)
[09:49:52.959 DBG][1]{ } Click on systray icon: 1 Left(at SoundSwitch.UI.Component.TrayIcon.<.ctor>b24_1)
[09:49:58.696 ERR][80]{ } Wrong signature for the release(at SoundSwitch.UI.Forms.UpdateDownloadForm.b__4_2)
[09:53:32.692 DBG][1]{ } Click on systray icon: 1 Left(at SoundSwitch.UI.Component.TrayIcon.<.ctor>b24_1)
[09:53:54.278 DBG][1]{ } Click on systray icon: 1 Right(at SoundSwitch.UI.Component.TrayIcon.<.ctor>b__24_1)
[09:54:13.048 INF][1]{ } Release ReleaseVersion: 6.4.2, Name: SoundSwitch v6.4.2 set as ReleasePostponed { Version = 6.4.2, Until = 8/12/2022 1:54:13 PM, Count = 1 }(at SoundSwitch.Framework.Updater.Remind.PostponeService.PostponeRelease)
[09:54:13.057 DBG][1]{ } Saving configuration "SoundSwitchConfiguration(C:\Users\harrbr10\AppData\Roaming\SoundSwitch\SoundSwitchConfiguration.json)"(at SoundSwitch.Framework.Configuration.SoundSwitchConfiguration.Save)

Belphemur commented 2 years ago

@sucellusX Could you manually update to 6.4.0? https://github.com/Belphemur/SoundSwitch/releases/tag/v6.4.0

Then try the update to v6.4.2 with the program?

I added more logging in v6.4.0 to give me more info when the signature fails.

sucellusX commented 2 years ago

@Belphemur Ok, installed 6.4.0. I'm now right clicking on the system tray icon and selecting the update, but it doesn't do anything after that.

image

[12:27:03.093 DBG][1]{ } Click on systray icon: 1 Right(at SoundSwitch.UI.Component.TrayIcon.<.ctor>b__24_1)
[12:27:06.579 INF][17]{ } Checking version "Name: SoundSwitch v6.4.2, TagName: v6.4.2, Prerelease: False, PublishedAt: 8/9/2022 12:33:52 AM" (at SoundSwitch.Framework.Updater.UpdateChecker.ProcessAndNotifyRelease)
[12:27:06.580 INF][1]{ } Release "ReleaseVersion: 6.4.2, Name: SoundSwitch v6.4.2" has been postponed(at SoundSwitch.UI.Component.TrayIcon.NewReleaseAvailable)

Belphemur commented 2 years ago

From the log, v6.4.2 was postponed earlier, so it doesn't trigger the update ... Well, I guess I should also rework that: if the user actually clicks, that should override the postponing.

Easiest: Wait for 3 days since the moment you postponed.

The other way is to edit the config %appdata%/SoundSwitch/SoundSwitchConfiguration.json and remove the JSON entry for Postponed.

Or rename the config file to have a clean config. After that, the clean config can be replaced by the old one.

sucellusX commented 2 years ago

Ok, edited the json and so it did try to install but I got the error again. Untrusted root cert.

image

[13:20:54.272 INF][1]{ } Update checker initiated(at SoundSwitch.Model.AppModel.InitUpdateChecker)
[13:20:54.977 INF][6]{ } Checking version "Name: SoundSwitch v6.4.2, TagName: v6.4.2, Prerelease: False, PublishedAt: 8/9/2022 12:33:52 AM" (at SoundSwitch.Framework.Updater.UpdateChecker.ProcessAndNotifyRelease)
[13:21:07.359 ERR][6]{ } Wrong signature for the release: UntrustedRoot(at SoundSwitch.UI.Forms.UpdateDownloadForm.b__4_2)

sucellusX commented 2 years ago

I'm looking at the cert on the 6.4.0 installer and this is probably the problem. Your personal cert maps back to an untrusted root, and the sound switch appears to be a self signed cert.

image

image

Belphemur commented 2 years ago

It's double signed.

Once with my self-signed and the other with a reputable CA: certum.

Basically your CA certs are outdated.

I imagine you're behind on some Windows updates, which explains the Untrusted Root issue.

Not much I can do here other than suggest that you update your Windows installation.

pauLee commented 2 years ago

I'm always on the latest Windows-Update channel through our company policy and up-to-date WSUS.

sucellusX commented 2 years ago

Yeah, I'm in a similar situation to @pauLee. Also, if you look at that root cert it is from 2011, so not something new. I don't think it is an issue with our systems not being updated. I don't know this CA, is it possible you are using a bad root cert?

image

Belphemur commented 2 years ago

No issue on hundreds of devices running Win 10 or Win 11.

I have no control over the root certificate of Certum nor their certificate chain.

What I know changed is the key size moving from 2048 to 4096 bits.

Also, Enterprise versions of Win 10 are unfortunately outdated... I imagine you're running 1809 LTS. It's very possible that Microsoft didn't add support for 4096-bit keys until 1903.

Can you give me the exact version of Windows you're running? (Ctrl + R > winsys)

I'll see if Certum has a solution for this since they are the provider of the code signing certificate.

pauLee commented 2 years ago

I'm on Windows 10 21H2 (Build 19044.1826).

Belphemur commented 2 years ago

But yeah, from the look of it, your Windows doesn't trust the CA of Certum.

If you look for the fingerprint D3DD483E2BBF4C05E8AF10F5FA7626CFD3DC3092 in the trusted list of CA of Microsoft, you'll see the CA of Certum.

https://ccadb-public.secure.force.com/microsoft/IncludedCACertificateReportForMSFT

Found that link here: https://docs.microsoft.com/en-us/security/trusted-root/participants-list
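
Added example, not part of the thread and not SoundSwitch code: a PowerShell diagnostic for the UntrustedRoot case discussed above. It reports the installer's primary Authenticode status, checks whether the root fingerprint quoted in the thread is in the local trust stores, and lists each chain element with its error flags. The script parameters and the installer path you pass in are assumptions.

```powershell
# Added diagnostic example; parameter names are illustrative, not from SoundSwitch.
param(
    [Parameter(Mandatory)][string]$InstallerPath,
    # Root fingerprint quoted in the thread for the Certum CA.
    [string]$RootThumbprint = 'D3DD483E2BBF4C05E8AF10F5FA7626CFD3DC3092'
)

# 1. Windows' verdict on the file's primary Authenticode signature.
$sig = Get-AuthenticodeSignature -FilePath $InstallerPath
"Status : $($sig.Status)"
"Message: $($sig.StatusMessage)"
if (-not $sig.SignerCertificate) { 'No signer certificate found.'; return }

# 2. Is the root from the thread present in the local trust stores?
$stores = 'Cert:\LocalMachine\Root', 'Cert:\LocalMachine\AuthRoot', 'Cert:\CurrentUser\Root'
foreach ($store in $stores) {
    $hit = Get-ChildItem -Path $store | Where-Object Thumbprint -eq $RootThumbprint
    '{0,-26} {1}' -f $store, $(if ($hit) { 'present' } else { 'missing' })
}

# 3. Build the chain with the Code Signing EKU required and show per-element status.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode =
    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$codeSigning = [System.Security.Cryptography.Oid]::new('1.3.6.1.5.5.7.3.3')
[void]$chain.ChainPolicy.ApplicationPolicy.Add($codeSigning)

$ok = $chain.Build($sig.SignerCertificate)
"Chain valid for code signing: $ok"
foreach ($el in $chain.ChainElements) {
    # Flags such as UntrustedRoot or NotValidForUsage show up on the failing element.
    $flags = ($el.ChainElementStatus | ForEach-Object Status) -join ','
    '{0}  {1}  [{2}]' -f $el.Certificate.Thumbprint, $el.Certificate.Subject,
        $(if ($flags) { $flags } else { 'OK' })
}
```

A "missing" result in step 2 is not conclusive by itself, because Windows can fetch roots from the Microsoft trust list on demand when automatic root updates are allowed; the per-element flags in step 3 show which certificate in the chain actually fails.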

sucellusX commented 2 years ago

So I downloaded the latest CA trust list from MS and installed it. Now the certificate traces back to the imported trust list, but I get this error in the certificate chain:

"This certificate trust list does not appear to be valid for the selected purpose."

I'm wondering if the certificate you are using wasn't issued for code signing.

Belphemur commented 2 years ago

It is specifically made for Code Signing :)

I'm checking with Certum.