Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Microsoft Security Catalog Format Documentation and API Samples

Tags:

security

cat

catalog

I'm looking for any documentation on the API for working with Microsoft Security Catalogs, or in lieu of that, information on the file format so that I may write my own parser.

In short, I have some .cat files that I need to be able to work with. Looking at the file in a hex editor, they obviously have different regions, which are delimited somehow (looks like typical binary saved structs). I need to get certain information out of them, and ignore other information.

I could probably reverse engineer the format and parse out what I need, but I'd prefer to do that either through the Win32 API, or at least write my parser to be correct for the format, instead of just "able to do what I need it to do".

MSCAT32.DLL seems to be the signficant one, but I'm not sure it has exports to do what I need... It's a bit cryptic (no pun intended).

Any information at all would be helpful.

Just to toss a few more keywords in here...

The MIME type is: application/vnd.ms-pki.seccat The magic header bytes are: 30 80 09 06 The field delimiters in the file seem to be: EOT (04) and € (80) A program that generates them is: MakeCat.exe

like image 378
Troy Howard Avatar asked Nov 05 '22 19:11

Troy Howard

2 Answers

Microsoft Security Catalogs are nothing more than binary files, coded in ASN.1 DER format. Inside the file is PKCS#7 signed data with additional fields for Microsoft specific stuff (coded with Microsoft OIDs). A list of these OIDs can be found here: https://support.microsoft.com/en-us/kb/287547

If you want to decode ASN.1 DER, use for example this JavaScript based encoder: http://lapo.it/asn1js/

By the way: 30 80 09 06 is not the file magic, but means there is a constructive SEQUENCE with unknown length starting there. ASN.1 DER Files do not have any magic, but start with a SEQUENCE (which is coded in DER as 0x30 in many cases.

like image 71
reox Avatar answered Nov 26 '22 21:11

reox

Here is a definition of the wintrust calls that are used by makecat Look under Catalog Definition Functions Catalog Functions which are made up of certificate trust list (CTL) A predefined list of items that have been signed by a trusted entity. A CTL can be anything, such as a list of hashes of certificates, or a list of file names. All the items in the list are authenticated (approved) by the signing entity.

which in turn are composed on pkcs#7 blobs

like image 33
tom Avatar answered Nov 26 '22 21:11

tom
Sign in to Comment

Related questions

How to properly secure password in AngularJS
Share login data between two android apps with same credentials
IP Security and Always On Setting in Azure
Storing sensitive data in database, recommendation
Using SSL with Kafka on a single node
What happens to the Django admin site during production?
[email protected] getting Missing Origin Validation while using npm audit
How many keys can be stored in the iOS Secure Enclave?
How can I setup a local environment to work with the latest SameSite cookie change to Chrome?
Is it possible to compile R scripts into a binary?
Best practices to store sensitive information in Electron desktop application
Jenkins log4j vulnerability testing from pipeline job
how to restrict or filter database access according to application user attributes
When does the .NET CLR evaluate security attributes?
Blocking write-access to a specific branch in a single mercurial repository
Document-Based Security in ASP.NET MVC
Warning on Permissions attribute when running an applet with JRE 7u45
How to securely include secret key/signature in iOS/Cocoa apps
How to build RUNAS /NETONLY functionality into a (C#/.NET/WinForms) program?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!