Lol, someone is *actually* reimplementing sbctl in Rust.
They didn't even bother coming up with a new name for it.
@Foxboron Your project is obsolete since day 1 by not being written in The Systems Language. It's ur fault m8
@barthalion I'll be watching this just to check if they figure out the Authenticode portions of the code they need.
@Foxboron @barthalion speaking of authenticode, is there an easy way to get the hash of a PE? I have a modified version of sbsigntool that adds --hash-only for predicting PCR4 values and need to ask Kerr again to look at merging it: https://groups.io/g/sbsigntools/message/42
@Foxboron @th @barthalion I just used python-signify for that
@grawity @th @barthalion
OOoooohh, yes. That makes a lot of sense!
Frankly it seems like signify implements all of this trivially.
@Foxboron @th @barthalion
https://github.com/grawity/tpm_futurepcr/blob/v1.5/tpm_futurepcr/util.py#L46
I did write my own code for systemd PE sections because it was simple enough (and worked better than shelling out to objdump, at least), but for the hashing I used signify.fingerprinter.AuthenticodeFingerprinter()
@th @barthalion
I thought @grawity had written something for it in his pcr prediction tooling.. but I can't seem to find it :/
https://github.com/grawity/tpm_futurepcr/blob/master/tpm_futurepcr/log_event.py
It might be interesting regardless as it does parse PE files quite nicely.