PowerShell / SHiPS

Simple Hierarchy in PowerShell - developing PowerShell provider got so much easier
MIT License

Invalid authenticode #122

Open Allexxann opened 5 years ago

Allexxann commented 5 years ago

Cannot update this module via update-module cmdlet - signature is not valid

palchak commented 4 years ago

The module 'Az.Accounts' cannot be installed or updated because the authenticode signature of the file | 'Az.Accounts.psd1' is not valid.

I am getting this error while trying to update my Az module using PowerShell 7.

shutingrz commented 4 years ago

About SHiPS 0.8.1 published in PowerShellGallery. https://www.powershellgallery.com/packages/SHiPS/0.8.1

SHiPS.psd1 has an incorrect code signature.

> Get-AuthenticodeSignature .\SHiPS.psd1

SignerCertificate Status Path
----------------- ------ ----
C3A3D43788E7ABCD287CB4F5B6583043774F99D2 HashMismatch SHiPS.psd1

Since SHiPS is referenced by many packages, the following errors occur in the Install-Module and Update-Module of various packages.

PackageManagement\Install-Package : The module 'SHiPS' cannot be installed or updated because the authenticode signatur
e of the file 'SHiPS.psd1' is not valid.
 C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\2.2.4.1\PSModule.psm1:9709  :34
+ ... talledPackages = PackageManagement\Install-Package @PSBoundParameters
+                      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (Microsoft.Power....InstallPackage:InstallPackage) [Install-Package]、E
    xception
    + FullyQualifiedErrorId : InvalidAuthenticodeSignature,ValidateAndGet-AuthenticodeSignature,Microsoft.PowerShell.P
   ackageManagement.Cmdlets.InstallPackage

Could you sign the form correctly?

Allexxann commented 4 years ago

It seems like this module is abandoned. I simply uninstalled it from my computer - at least it sidestepped the issue, and turns out I cannot remember when I used it last time.

jianyunt commented 4 years ago

@SteveL-MSFT @theJasonHelmick, @joeyaiello any ideas why some people get an invalid result while running Get-AuthenticodeSignature? SHiPS was published in 2018, with no changes. Our Cloud Shell is using it with no issues. I just downloaded it a minute ago and ran Get-AuthenticodeSignature, and got Valid on Windows PowerShell. By any chance, do you guys know what has happened?

raandree commented 4 years ago

@SteveL-MSFT @theJasonHelmick, @joeyaiello, can you provide some steps to troubleshoot this to @shutingrz, please? I cannot reproduce the issue either. On all my machines the checksum is valid.

@shutingrz, does this only happen on a Japanese OS?

shutingrz commented 4 years ago

@raandree, I have tested Windows 10 Pro 1909 (1) and Windows 10 Enterprise (2) in three languages (Japanese, English and Spanish).

1: download from MediaCreationTool1909.exe (https://www.microsoft.com/en-US/software-download/windows10)

2: download from Windows Evaluations (https://www.microsoft.com/en-US/evalcenter/evaluate-windows-10-enterprise)

As a result of the verification, both Pro 1909 and Enterprise have a verification error in the Japanese environment only.

PackageManagement\Install-Package : ファイル 'SHiPS.psd1' の Authenticode 署名が無効なため、モジュール 'SHiPS' をインス
トールまたは更新できません。
発生場所 C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:1809 文字:21
+ ...          $null = PackageManagement\Install-Package @PSBoundParameters
+                      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (Microsoft.Power....InstallPackage:InstallPackage) [Install-Package]、E
    xception
    + FullyQualifiedErrorId : InvalidAuthenticodeSignature,ValidateAndGet-AuthenticodeSignature,Microsoft.PowerShell.P
   ackageManagement.Cmdlets.InstallPackage

PS C:\Windows\system32>

Verification errors can also be checked in the file's properties, and I got the message "This digital signature is not valid" (In Japanese: このデジタル署名は有効ではありません。). When I clicked on "View Certificate" to verify the certificate, I got "The digital signature of the object did not verify" (In Japanese: オブジェクトのデジタル署名が検証されませんでした。).

In English and Spanish environments, there was no error and it was Valid.

Microsoft Code Signing PCA 2011 is not installed on the system immediately after the installation of all OSs and languages.

PS C:\Windows\system32> dir cert: -Recurse | Where-Object Thumbprint -eq f252e794fe438e35ace6e53762c0a234a2c52135
PS C:\Windows\system32>

I thought it was an OS version or PowerShell environment issue when I had the problem. However, these results led me to believe that it was a language and encoding issue. (The default encoding of the Japanese environment is SJIS.)

This is because the binary file, Microsoft.PowerShell.SHiPS.dll, is Valid even in the Japanese environment.

> Get-AuthenticodeSignature .\Microsoft.PowerShell.SHiPS.dll
SignerCertificate                         Status                                 Path
-----------------                         ------                                 ----
C3A3D43788E7ABCD287CB4F5B6583043774F99D2  Valid                                  Microsoft.PowerShell.SHiPS.dll

If you have any good ideas to solve this, please let me know.

Finally, the command log for each language is listed below.

Japanese

Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

新しいクロスプラットフォームの PowerShell をお試しください https://aka.ms/pscore6

PS C:\Windows\system32> Get-Date -Format G
2020/05/01 4:03:16
PS C:\Windows\system32> systeminfo

ホスト名:               DESKTOP-IDV37GI
OS 名:                  Microsoft Windows 10 Enterprise Evaluation
OS バージョン:          10.0.18363 N/A ビルド 18363
OS 製造元:              Microsoft Corporation
OS 構成:                スタンドアロン ワークステーション
OS ビルドの種類:        Multiprocessor Free
登録されている所有者:   shu
登録されている組織:
プロダクト ID:          00329-20000-00001-AA615
最初のインストール日付: 2020/05/01, 3:54:39
システム起動時間:       2020/05/01, 4:01:29
システム製造元:         Microsoft Corporation
システム モデル:        Virtual Machine
システムの種類:         x64-based PC
プロセッサ:             1 プロセッサインストール済みです。
                        [01]: Intel64 Family 6 Model 158 Stepping 10 GenuineIntel ~2808 Mhz
BIOS バージョン:        American Megatrends Inc. 090008 , 2018/12/07
Windows ディレクトリ:   C:\Windows
システム ディレクトリ:  C:\Windows\system32
起動デバイス:           \Device\HarddiskVolume1
システム ロケール:      ja;日本語
入力ロケール:           ja;日本語
タイム ゾーン:          (UTC+09:00) 大阪、札幌、東京
物理メモリの合計:       2,048 MB
利用できる物理メモリ:   420 MB
仮想メモリ: 最大サイズ: 3,200 MB
仮想メモリ: 利用可能:   1,715 MB
仮想メモリ: 使用中:     1,485 MB
ページ ファイルの場所:  C:\pagefile.sys
ドメイン:               WORKGROUP
ログオン サーバー:      \\DESKTOP-IDV37GI
ホットフィックス:       6 ホットフィックスがインストールされています。
                        [01]: KB4515871
                        [02]: KB4513661
                        [03]: KB4516115
                        [04]: KB4517245
                        [05]: KB4521863
                        [06]: KB4517389
ネットワーク カード:    1 NIC(s) インストール済みです。
                        [01]: Microsoft Hyper-V Network Adapter
                              接続名:           イーサネット
                              DHCP が有効:      はい
                              DHCP サーバー:    192.168.5.1
                              IP アドレス
                              [01]: 192.168.5.37
                              [02]: fe80::f406:c9a9:d7e7:9661
Hyper-V の要件:         ハイパーバイザーが検出されました。Hyper-V に必要な機能は表示されません。
PS C:\Windows\system32> $PSVersionTable

Name                           Value
----                           -----
PSVersion                      5.1.18362.145
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.18362.145
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

PS C:\Windows\system32> Install-Module SHiPS

続行するには NuGet プロバイダーが必要です
PowerShellGet で NuGet ベースのリポジトリを操作するには、'2.8.5.201' 以降のバージョンの NuGet
プロバイダーが必要です。NuGet プロバイダーは 'C:\Program Files\PackageManagement\ProviderAssemblies' または
'C:\Users\shu\AppData\Local\PackageManagement\ProviderAssemblies' に配置する必要があります。'Install-PackageProvider
-Name NuGet -MinimumVersion 2.8.5.201 -Force' を実行して NuGet プロバイダーをインストールすることもできます。今すぐ
PowerShellGet で NuGet プロバイダーをインストールしてインポートしますか?
[Y] はい(Y)  [N] いいえ(N)  [S] 中断(S)  [?] ヘルプ (既定値は "Y"):

信頼されていないリポジトリ
信頼されていないリポジトリからモジュールをインストールしようとしています。このリポジトリを信頼する場合は、Set-PSReposit
ory コマンドレットを実行して、リポジトリの InstallationPolicy の値を変更してください。'PSGallery'
からモジュールをインストールしますか?
[Y] はい(Y)  [A] すべて続行(A)  [N] いいえ(N)  [L] すべて無視(L)  [S] 中断(S)  [?] ヘルプ (既定値は "N"): A
PackageManagement\Install-Package : ファイル 'SHiPS.psd1' の Authenticode 署名が無効なため、モジュール 'SHiPS' をインス
トールまたは更新できません。
発生場所 C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:1809 文字:21
+ ...          $null = PackageManagement\Install-Package @PSBoundParameters
+                      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (Microsoft.Power....InstallPackage:InstallPackage) [Install-Package]、E
    xception
    + FullyQualifiedErrorId : InvalidAuthenticodeSignature,ValidateAndGet-AuthenticodeSignature,Microsoft.PowerShell.P
   ackageManagement.Cmdlets.InstallPackage

PS C:\Users\shu> Get-AuthenticodeSignature C:\Users\shu\Desktop\ships.0.8.1\SHiPS.psd1

    ディレクトリ: C:\Users\shu\Desktop\ships.0.8.1

SignerCertificate                         Status                                 Path
-----------------                         ------                                 ----
C3A3D43788E7ABCD287CB4F5B6583043774F99D2  HashMismatch                           SHiPS.psd1

PS C:\Users\shu\Desktop\Sigcheck> .\sigcheck64.exe C:\Users\shu\Desktop\ships.0.8.1\SHiPS.psd1

Sigcheck v2.73 - File version and signature viewer
Copyright (C) 2004-2019 Mark Russinovich
Sysinternals - www.sysinternals.com

c:\users\shu\desktop\ships.0.8.1\SHiPS.psd1:
        Verified:       ?????????????????????????
        File date:      17:37 2018/09/21
        Publisher:      n/a
        Company:        n/a
        Description:    n/a
        Product:        n/a
        Prod version:   n/a
        File version:   n/a
        MachineType:    n/a
PS C:\Users\shu\Desktop\Sigcheck>

English

PS C:\Users\Administrator> Get-Date -Format G
2020/04/30 11:26:55
PS C:\Users\Administrator> systeminfo

Host Name:                 CLIENT1
OS Name:                   Microsoft Windows 10 Enterprise Evaluation
OS Version:                10.0.18363 N/A Build 18363
OS Manufacturer:           Microsoft Corporation
OS Configuration:          Standalone Workstation
OS Build Type:             Multiprocessor Free
Registered Owner:          NA
Registered Organization:   vm.net
Product ID:                00329-00000-00003-AA619
Original Install Date:     2020/05/01, 3:21:48
System Boot Time:          2020/05/01, 3:21:31
System Manufacturer:       Microsoft Corporation
System Model:              Virtual Machine
System Type:               x64-based PC
Processor(s):              1 Processor(s) Installed.
                           [01]: Intel64 Family 6 Model 158 Stepping 10 GenuineIntel ~2808 Mhz
BIOS Version:              Microsoft Corporation Hyper-V UEFI Release v4.0, 2019/11/01
Windows Directory:         C:\Windows
System Directory:          C:\Windows\system32
Boot Device:               \Device\HarddiskVolume3
System Locale:             en-us;English (United States)
Input Locale:              en-us;English (United States)
Time Zone:                 (UTC-08:00) Pacific Time (US & Canada)
Total Physical Memory:     2,047 MB
Available Physical Memory: 371 MB
Virtual Memory: Max Size:  3,199 MB
Virtual Memory: Available: 1,098 MB
Virtual Memory: In Use:    2,101 MB
Page File Location(s):     C:\pagefile.sys
Domain:                    NET
Logon Server:              \\CLIENT1
Hotfix(s):                 6 Hotfix(s) Installed.
                           [01]: KB4515871
                           [02]: KB4513661
                           [03]: KB4516115
                           [04]: KB4517245
                           [05]: KB4521863
                           [06]: KB4517389
Network Card(s):           1 NIC(s) Installed.
                           [01]: Microsoft Hyper-V Network Adapter
                                 Connection Name: Ethernet
                                 DHCP Enabled:    Yes
                                 DHCP Server:     192.168.5.1
                                 IP address(es)
                                 [01]: 192.168.5.35
                                 [02]: fe80::5068:cca0:215e:d5e1
Hyper-V Requirements:      A hypervisor has been detected. Features required for Hyper-V will not be displayed.
PS C:\Users\Administrator> $PSVersionTable                                                                              
Name                           Value
----                           -----
PSVersion                      5.1.18362.145
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.18362.145
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

PS C:\Users\Administrator>
PS C:\Users\Administrator> Install-Module SHiPS

NuGet provider is required to continue
PowerShellGet requires NuGet provider version '2.8.5.201' or newer to interact with NuGet-based repositories. The NuGet
 provider must be available in 'C:\Program Files\PackageManagement\ProviderAssemblies' or
'C:\Users\Administrator\AppData\Local\PackageManagement\ProviderAssemblies'. You can also install the NuGet provider by
 running 'Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force'. Do you want PowerShellGet to install
and import the NuGet provider now?
[Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"):

Untrusted repository
You are installing the modules from an untrusted repository. If you trust this repository, change its
InstallationPolicy value by running the Set-PSRepository cmdlet. Are you sure you want to install the modules from
'PSGallery'?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "N"): A
PS C:\Users\Administrator> Get-AuthenticodeSignature "C:\Program Files\WindowsPowerShell\Modules\SHiPS\0.8.1\SHiPS.psd1"                                                                                                                        

    Directory: C:\Program Files\WindowsPowerShell\Modules\SHiPS\0.8.1

SignerCertificate                         Status                                 Path
-----------------                         ------                                 ----
C3A3D43788E7ABCD287CB4F5B6583043774F99D2  Valid                                  SHiPS.psd1

Spanish

Windows PowerShell
Copyright (C) Microsoft Corporation. Todos los derechos reservados.

Prueba la nueva tecnología PowerShell multiplataforma https://aka.ms/pscore6

PS C:\Windows\system32> Get-Date -Format G
01/05/2020 4:59:54
PS C:\Windows\system32> systeminfo

Nombre de host:                            DESKTOP-FI8B4R2
Nombre del sistema operativo:              Microsoft Windows 10 Enterprise Evaluation
Versión del sistema operativo:             10.0.18363 N/D Compilación 18363
Fabricante del sistema operativo:          Microsoft Corporation
Configuración del sistema operativo:       Estación de trabajo independiente
Tipo de compilación del sistema operativo: Multiprocessor Free
Propiedad de:                              shu
Organización registrada:
Id. del producto:                          00329-20000-00001-AA118
Fecha de instalación original:             01/05/2020, 4:50:46
Tiempo de arranque del sistema:            01/05/2020, 4:57:47
Fabricante del sistema:                    Microsoft Corporation
Modelo el sistema:                         Virtual Machine
Tipo de sistema:                           x64-based PC
Procesador(es):                            1 Procesadores instalados.
                                           [01]: Intel64 Family 6 Model 158 Stepping 10 GenuineIntel ~2808 Mhz
Versión del BIOS:                          American Megatrends Inc. 090008 , 07/12/2018
Directorio de Windows:                     C:\Windows
Directorio de sistema:                     C:\Windows\system32
Dispositivo de arranque:                   \Device\HarddiskVolume1
Configuración regional del sistema:        es;Español (internacional)
Idioma de entrada:                         es;Español (tradicional)
Zona horaria:                              (UTC+09:00) Osaka, Sapporo, Tokio
Cantidad total de memoria física:          2.048 MB
Memoria física disponible:                 562 MB
Memoria virtual: tamaño máximo:            3.200 MB
Memoria virtual: disponible:               1.736 MB
Memoria virtual: en uso:                   1.464 MB
Ubicación(es) de archivo de paginación:    C:\pagefile.sys
Dominio:                                   WORKGROUP
Servidor de inicio de sesión:              \\DESKTOP-FI8B4R2
Revisión(es):                              6 revisión(es) instaladas.
                                           [01]: KB4515871
                                           [02]: KB4513661
                                           [03]: KB4516115
                                           [04]: KB4517245
                                           [05]: KB4521863
                                           [06]: KB4517389
Tarjeta(s) de red:                         1 Tarjetas de interfaz de red instaladas.
                                           [01]: Microsoft Hyper-V Network Adapter
                                                 Nombre de conexión: Ethernet
                                                 DHCP habilitado:    Sí
                                                 Servidor DHCP:      192.168.5.1
                                                 Direcciones IP
                                                 [01]: 192.168.5.38
                                                 [02]: fe80::c170:fe8:c1c7:597e
Requisitos Hyper-V:                        Se detectó un hipervisor. No se mostrarán las características necesarias para Hyper-V.
PS C:\Windows\system32> $PSVersionTable

Name                           Value
----                           -----
PSVersion                      5.1.18362.145
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.18362.145
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

PS C:\Windows\system32> Install-Module SHiPS

Se necesita el proveedor de NuGet para continuar
PowerShellGet necesita la versión del proveedor de NuGet '2.8.5.201' o posterior para interactuar con repositorios
basados en NuGet. El proveedor de NuGet debe estar disponible en 'C:\Program
Files\PackageManagement\ProviderAssemblies' o 'C:\Users\shu\AppData\Local\PackageManagement\ProviderAssemblies'.
También puedes instalar el proveedor de NuGet ejecutando 'Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201
 -Force'. ¿Quieres que PowerShellGet se instale e importe el proveedor de NuGet ahora?
[S] Sí  [N] No  [U] Suspender  [?] Ayuda (el valor predeterminado es "S"):

Repositorio que no es de confianza
Estás instalando los módulos desde un repositorio que no es de confianza. Si confías en este repositorio, cambia su
valor InstallationPolicy ejecutando el cmdlet Set-PSRepository. ¿Estás seguro de que quieres instalar los módulos de
'PSGallery'?
[S] Sí  [O] Sí a todo  [N] No  [T] No a todo  [U] Suspender  [?] Ayuda (el valor predeterminado es "N"): O
PS C:\Windows\system32> Get-AuthenticodeSignature "C:\Program Files\WindowsPowerShell\Modules\SHiPS\0.8.1\SHiPS.psd1"

    Directorio: C:\Program Files\WindowsPowerShell\Modules\SHiPS\0.8.1

SignerCertificate                         Status                                 Path
-----------------                         ------                                 ----
C3A3D43788E7ABCD287CB4F5B6583043774F99D2  Valid                                  SHiPS.psd1

PS C:\Windows\system32>

shutingrz commented 4 years ago

@jianyunt @SteveL-MSFT @theJasonHelmick @joeyaiello @raandree

I've reverse-engineered the Windows validation checking routine using x64dbg and Ghidra. As a result, I've determined that there is a problem with the character code conversion of the following DLL files.

C:\Windows\System32\WindowsPowerShell\v1.0\pwrshsip.dll

The code signing of the PSD1 file is accomplished by the following process flow.

crypt32.CryptSIPVerifyIndirectData -> pwrshsip.PsVerifyHash

PsVerifyHash calls FUN_180002ed8 (this is the name of the function in Ghidra), extracts the contents of the psd1 file, and calls CryptHashData to compute the hash.

Below is the result of decompiling the routine of FUN_180002ed8 in Ghidra.

void FUN_180002ed8(longlong param_1,HCRYPTHASH *param_2,BYTE *param_3,DWORD *param_4)

{
  BOOL BVar1;
  DWORD DVar2;
  ulonglong uVar3;
  undefined auStack1128 [32];
  uint local_448 [4];
  BYTE local_438 [1024];
  ulonglong local_38;

  local_38 = DAT_180008008 ^ (ulonglong)auStack1128;
  local_448[0] = 0;
  if (((param_2 != (HCRYPTHASH *)0x0) && (param_3 != (BYTE *)0x0)) && (param_4 != (DWORD*)0x0)) {
    *param_3 = '\0';
    *param_4 = 0;
    uVar3 = FUN_180001e90(param_1);
    DVar2 = (DWORD)uVar3;
    while (DVar2 == 0) {
      uVar3 = FUN_180001ee0(param_1,0x400,local_438,local_448);
      if ((int)uVar3 != 0) {
        if ((int)uVar3 == 0x103) {
          FUN_1800045ac(param_2,param_3,0x400,param_4);
        }
        break;
      }
      DVar2 = 0;
      BVar1 = CryptHashData(*param_2,local_438,local_448[0],0);
      if (BVar1 == 0) {
        DVar2 = GetLastError();
      }
    }
  }
  FUN_1800052d0(local_38 ^ (ulonglong)auStack1128);
  return;
}

When I looked up the arguments for CryptHashData, I found a difference between the English and Japanese versions of Windows. Specifically, the following line in SHiPS.psd1:

    Copyright = '© Microsoft Corporation. All rights reserved.'

As a result of this line being converted, the "©" indicating copyright is different in the data between the English and Japanese versions of Windows.

The copyright symbol "©" is 0xC2A9 in Unicode, so the English version of Windows is correct.

A MultiByteToWideChar call in FUN_180004218 that converts UTF-8 strings in psd1 files to wide characters is the cause of this problem.

When I changed the result of the MultiByteToWideChar conversion from the incorrect value "82FF69FF" to "C200A900" in the debugger, the result of PsVerifyHash was correct and the result of Get-AuthenticodeSignature was also valid!

I think this is a problem not only with Japanese, but with multiple languages that use double-byte characters by default as well.

I don't know how to completely fix this encoding problem. Even if you can fix this with a code change, you will still need to fix pwrshsip.dll, not SHiPS.

However, there is a workaround: change "©" (C2A9) to "(c)" in SHiPS.psd1 and re-sign it. It would be great if you could fix SHiPS.psd1 as a workaround.
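
The mismatch described in the comment above, as an added example (not part of the thread, and not code from SHiPS or pwrshsip.dll): it models the conversion as a decode through the system ANSI code page, which reproduces both byte strings quoted above (C200A900 and 82FF69FF), and reports which bytes of a manifest make the hashed data depend on the locale. The function names, the constructed sample manifest, the locale-to-code-page table and the use of SHA-256 as a stand-in hash are assumptions.

```python
import hashlib
import re

# Assumed mapping: Windows ANSI code pages for three system locales.
ANSI_CODE_PAGES = {"en-US": "cp1252", "ja-JP": "cp932", "ru-RU": "cp1251"}

# Constructed sample: a minimal manifest saved as UTF-8, so "©" is C2 A9.
MANIFEST = (
    b"@{\n"
    b"    ModuleVersion = '0.8.1'\n"
    b"    Copyright = '\xc2\xa9 Microsoft Corporation. All rights reserved.'\n"
    b"}\n"
)
# The workaround proposed in the thread: replace the symbol with ASCII "(c)".
PATCHED = MANIFEST.replace(b"\xc2\xa9", b"(c)")


def widen(raw: bytes, codec: str) -> bytes:
    """Model a code-page-based MultiByteToWideChar: decode, emit UTF-16LE."""
    return raw.decode(codec, errors="replace").encode("utf-16-le")


def digests_by_locale(raw: bytes) -> dict:
    """Digest of the widened content per locale (SHA-256 as a stand-in hash)."""
    return {
        locale: hashlib.sha256(widen(raw, codec)).hexdigest()
        for locale, codec in ANSI_CODE_PAGES.items()
    }


def is_locale_stable(raw: bytes) -> bool:
    """True when every locale would feed identical bytes to the hash."""
    return len(set(digests_by_locale(raw).values())) == 1


def locale_sensitive_spans(raw: bytes) -> list:
    """Report each run of non-ASCII bytes and how every locale widens it."""
    findings = []
    for match in re.finditer(rb"[\x80-\xff]+", raw):
        run = match.group()
        findings.append({
            "line": raw.count(b"\n", 0, match.start()) + 1,
            "bytes": run.hex(),
            "wide": {loc: widen(run, cp).hex()
                     for loc, cp in ANSI_CODE_PAGES.items()},
        })
    return findings


if __name__ == "__main__":
    for name, blob in (("original", MANIFEST), ("patched", PATCHED)):
        print(name, "stable across locales:", is_locale_stable(blob))
        for finding in locale_sensitive_spans(blob):
            print("  line", finding["line"], finding["bytes"], finding["wide"])
```

Running the same scan over a module's text files before signing shows which ones contain bytes that would hash differently on machines with another system code page.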

raandree commented 4 years ago

Is there anything new about this? If SHiPS is no longer maintained, we are going to remove the dependency and all connected features to prevent further trouble.

sevaa commented 1 year ago

This also manifests with the Russian system default locale. Looks like a typical ANSI codepage reliance issue.