mandiant / commando-vm

Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mandiant.com
https://www.mandiant.com/resources/blog/commando-vm-windows-offensive-distribution
Apache License 2.0

BUG: syspin checksum fails, aborts installation #192

Closed HachimanSec closed 3 years ago

HachimanSec commented 3 years ago

Describe the bug and expected behavior

Try to install on Windows 1909. After some time installation stops. Manual reboot enforced, after manual reboot installation CLI opens again but fails verifying the syspin checksum. Attempt to install it manually fails with a similar error.

Anyone any idea what this could be?

Version

Log output

cinst -y syspin -f
Chocolatey v0.10.15
2 validations performed. 1 success(es), 1 warning(s), and 0 error(s).

Validation Warnings:
 - A pending system reboot request has been detected, however, this is
   being ignored due to the current Chocolatey configuration.  If you
   want to halt when this occurs, then either set the global feature
   using:
     choco feature enable -name=exitOnRebootDetected
   or pass the option --exit-when-reboot-detected.

Installing the following packages:
syspin
By installing you accept licenses for the packages.

syspin v0.99.9.1 (forced) [Approved]
syspin package files install completed. Performing other installation steps.
WARNING: Url has SSL/TLS available, switching to HTTPS for download
Downloading syspin
  from 'https://www.technosys.net/download.aspx?file=syspin.exe'
Progress: 100% - Completed download of C:\ProgramData\chocolatey\lib\syspin\tools\syspin.exe (19 KB).
Download of syspin.exe (19 KB) completed.
Error - hashes do not match. Actual value was '07D6C3A19A8E3E243E9545A41DD30A9EE1E9AD79CDD6D446C229D689E5AB574A'.
ERROR: Checksum for 'C:\ProgramData\chocolatey\lib\syspin\tools\syspin.exe' did not meet 'a6967e7a3c2251812dd6b3fa0265fb7b61aadc568f562a98c50c345908c6e827' for checksum type 'sha256'. Consider passing the actual checksums through with --checksum --checksum64 once you validate the checksums are appropriate. A less secure option is to pass --ignore-checksums if necessary.
The install of syspin was NOT successful.
Error while running 'C:\ProgramData\chocolatey\lib\syspin\tools\chocolateyInstall.ps1'.
 See log for details.

Chocolatey installed 0/1 packages. 1 packages failed.
 See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).

Failures
 - syspin (exited -1) - Error while running 'C:\ProgramData\chocolatey\lib\syspin\tools\chocolateyInstall.ps1'.
 See log for details.

HachimanSec commented 3 years ago

Apparently the problem is not limited to syspin; the folder lib-bad contains various other tools as well.

Searching chocolatey.log for other failed packages, such as adexplorer or dnspy.flare, doesn't return any findings.

HachimanSec commented 3 years ago

Apparently multiple sources are invalid.

The installation script even finishes, yet it appears many tools are not installable. For example Bloodhound or Foca are still missing.

Anyone any idea?

Edit: apparently this breaks it for others as well, see issue https://github.com/fireeye/commando-vm/issues/189

AlexLeace commented 3 years ago

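Sigh, I ran into this problem too. Not only that: if you use full.json as the repo to download the software, you will see "download failed" all over the screen. The problem lies in the URLs that the package sources point to. Changing them would be too much trouble (personally I don't have the time to mess around with this)... And if you download the corresponding software yourself, the installer does not recognize it at all; it still downloads it again and then reports an error. All that is left is for FireEye's lab to update their package sources. (Why is this not displayed in Simplified Chinese... [facepalm]; my English is not good, so I can only write in Chinese, please translate it.)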

HachimanSec commented 3 years ago

Thank you for your message. I encountered the same problems. It really seems to be a problem with the checksum of the software to be downloaded. Apparently the versions they reference in the script are no longer available. It seems there is no easy, feasible fix for that. Too bad, I really appreciated Commando-VM.

PS: I don't speak Chinese, so I hope the translation works.

day1player commented 3 years ago

Yeah it looks like some of the packages will need to be updated. All of the packages ending in .fireeye or .flare are maintained by us, and we can have them updated. Other packages that do not end that way (syspin for example) are maintained by others and we will need to wait until they update those packages.

HachimanSec commented 3 years ago

Thanks for the update @day1player!

Just for my understanding, is it intended behaviour that an error with these packages results in a subsequent failure to install the other packages? For example bloodhound or Foca is also not installed. I assume this is a follow up issue?

day1player commented 3 years ago

@HachimanSec some packages that have specific dependencies will fail if the dependency is unable to be installed, but I think BloodHound and Foca should not be affected by dependencies and they could be other issues. If you want to, feel free to create new issues or post some screenshots here and I can create the new issues.

HachimanSec commented 3 years ago

Thanks @day1player. Strange thing is, I see no further errors as to why it stops the installation of further packages such as BH and Foca.

All I see are the errors of syspin, etc. and then it simply stops. I will try to dig into it a bit more and if I have enough info I will open a new bug. I just don't want to spam you guys with bugs that have no content ;)

gtjamesa commented 3 years ago

> Yeah it looks like some of the packages will need to be updated. All of the packages ending in .fireeye or .flare are maintained by us, and we can have them updated. Other packages that do not end that way (syspin for example) are maintained by others and we will need to wait until they update those packages.

Is there any ETA?

MasterDomino commented 3 years ago

If you want, all packages that fail for some reason can be reinstalled: you can edit the URLs or their checksums in the file C:\ProgramData\chocolatey\lib\windbg.flare\tools\chocolateyInstall.ps1, which can easily be changed. You then need to pack and install it using Chocolatey:

cpack C:\ProgramData\chocolatey\lib-bad\windbg.flare\windbg.flare.nuspec
cinst C:\ProgramData\chocolatey\lib-bad\windbg.flare\windbg.flare.nuspec

Keep in mind that this is a workaround, and most of those that fail can be fixed within 10 minutes by the FLARE team or anyone doing a proper PR.
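
An added example, not part of the original thread or of the Commando VM project: a PowerShell sketch that pulls checksum mismatches out of Chocolatey output like the log in the first comment, so each expected/actual pair can be checked against a hash obtained independently from the vendor before any checksum in a chocolateyInstall.ps1 is edited. The function name Get-ChocoChecksumFailure is hypothetical, and it assumes chocolatey.log carries the same two messages as the console output.

```powershell
# Added example, not from the thread. Get-ChocoChecksumFailure is a hypothetical name.
function Get-ChocoChecksumFailure {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [AllowEmptyString()]
        [string]$Line
    )
    begin { $actual = $null }
    process {
        # Chocolatey reports the hash it computed for the download first ...
        if ($Line -match "hashes do not match\. Actual value was '([0-9A-Fa-f]+)'") {
            $actual = $Matches[1].ToUpper()
            return
        }
        # ... then the file, the hash the package expected, and the algorithm.
        if ($Line -notmatch "Checksum for '([^']+)' did not meet '([0-9A-Fa-f]+)' for checksum type '(\w+)'") {
            return
        }
        $file, $expected, $algorithm = $Matches[1], $Matches[2].ToUpper(), $Matches[3].ToUpper()
        # Package id is the folder under lib (or lib-bad, where failed installs are moved).
        $package = if ($file -match '\\lib(?:-bad)?\\([^\\]+)\\') { $Matches[1] } else { $null }
        # If the download is still on disk, hash it again rather than trusting the log text.
        $onDisk = if (Test-Path -LiteralPath $file -PathType Leaf) {
            (Get-FileHash -LiteralPath $file -Algorithm $algorithm).Hash
        } else { $null }
        [pscustomobject]@{
            Package   = $package
            File      = $file
            Algorithm = $algorithm
            Expected  = $expected
            Actual    = $actual
            OnDisk    = $onDisk
        }
        $actual = $null
    }
}

# Sample lines copied from the log in the first comment (second line cut after the checksum type).
$sample = @(
    "Error - hashes do not match. Actual value was '07D6C3A19A8E3E243E9545A41DD30A9EE1E9AD79CDD6D446C229D689E5AB574A'."
    "ERROR: Checksum for 'C:\ProgramData\chocolatey\lib\syspin\tools\syspin.exe' did not meet 'a6967e7a3c2251812dd6b3fa0265fb7b61aadc568f562a98c50c345908c6e827' for checksum type 'sha256'."
)
$sample | Get-ChocoChecksumFailure | Format-List

# Against the real log, using the path shown in the thread:
# Get-Content C:\ProgramData\chocolatey\logs\chocolatey.log | Get-ChocoChecksumFailure
```

The Actual and OnDisk values only describe what was downloaded; they belong in a package's checksum field only once they match a hash the software's vendor publishes.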

AlexLeace commented 3 years ago

Maybe it will work in some ways. But we need a complete and permanent solution, or else you need to edit their URLs and checksums every time after their software has been updated. I think FireEye should learn from Offensive Security and depend on several official resources which can reliably and stably store the packages.

day1player commented 3 years ago

@WYMzg we rely on other official repos where we can, dnSpy is not officially supported as a chocolatey package by anyone but us 👍

fixed with june update #262