Encrypting Windows CE System

I have been paying attention to the article of the Netizen did not forget, I in the "Let myself write the DLL loaded into the SLOT1" article to all read this article Netizen asked a question, about the Signfile.exe parameter key container setting problem, so far no one answered me. But lately I've done my own research. Through the experiment, it realizes the trustworthy environment provided by CE. "Trustworthy environment," said the popular point is to let you customize the CE core startup, can only run the kernel contains EXE, DLL module and signed EXE, DLL module, unsigned exe, DLL can not run. "Trusted Environment" guarantees the security of your kernel, prevents others from illegally researching your kernel or running EXE and DLL on it illegally. Before I tell you about this technique, please allow me to say a few words first.

Let's start with the explanation. Windows CE provides a mechanism that enables developers of custom operating system kernels to protect their own customized kernels, and after joining this mechanism, all nk.bin-unpacked modules (EXE, DLL, OCX) can function correctly, Modules stored on permanent storage can run after the developer digitally signs them, and modules without digital signatures cannot run. Readers are interested in viewing the CE Help document entitled "Create a Trusted environment" article. To be concise, let's start with how to implement a trusted environment.

1, get the key container

The way to get the key container (container) is to invoke the Win32 security API. First get the CSP (cryptographic service provider), and then get key container. The default CSP is Microsoft Base Cryptographic Provider. The default key container is the name of the current logged-on user name. If you are familiar with cryptography, you can invoke additional CSPs. Here we use the Microsoft Base Cryptographic Provider default key container as the key container required for signfile.

2. Sign the module

Signfile.exe is used to sign the module. This file in the CE installation directory (including the source code) can be found, the following is the parameter description:

-o<out filename> output signature data to the specified file

-k<capi key container> specify CAPI keys container

-p<output c file to hold CAPI public key > Output key to specified file (content is an array of C languages)

-s<string to sign and embed in signature> embed the specified character

-A append signature data to a file in the specified PE format

-f<pefile > Files to be signed (EXE, DLL)

If we're going to sign the myproc.exe, assuming we're logged on on desktop Windows with the Fulinlin name, enter the following command at the command line:

signfile -fmyproc.exe -a -kfulinlin -pmyproc.txt

The above parameter tells Signfile.exe to sign the file Myproc.exe with the private key in the key container Fulinlin, and to store the public key in a file named Myproc.txt. Encryption process is very complex, I do not understand the encryption, can only understand such a low-level degree. If I'm wrong, I hope the reader will advise me.

3. Write Test function

Please refer to CE's Help document for the article titled "Verifying a Signature" before writing the inspection function. All we need to do is copy the bottom code in this article to the. c file that defines the Oeminit function in the CE installation directory. Because my debug platform belongs to the X86 series, the Oeminit function is defined in the CFWPC.C file. In order for the reader to understand this mechanism, I make a simple description of the related functions and variables, as follows:

Initializing public key functions

extern BOOL InitPubKey(const BYTE *KeyBlob, DWORD cbKeyBlob);

These two pointers are defined in the Loader.c file, LOADER.C implements the loader's functionality, loading modules (EXE, DLL). These two pointers point to two functions, poemloadinit

The function to point to is that this function determines whether validation is required whenever a module is loaded. True indicates need, false does not need. Poemloadmodule Point to

The function is to verify that the module that will be loaded has a valid signature. There are three return values, please see the help documentation.

extern OEMLoadInit_t pOEMLoadInit;
extern OEMLoadModule_t pOEMLoadModule;

Functions that begin with "certifymodule" are validation functions that are brought by the system. With these three functions you do not have to understand the encryption knowledge.

extern BOOL CertifyModuleInit(void);
extern BOOL CertifyModule(PBYTE pbBlock, DWORD cbBlock);
extern BOOL CertifyModuleFinal(PBYTE *ppbSignData, PDWORD pcbSignData);

Note the public key data G_bsignpublickeyblob, signfile the exported public key to cover the code in the central G_bsignpublickeyblob.

4. Compile and test

Open a kernel project with PB into the command line State (menu open Build Release directory). Type "Build-c" and "Sysgen I486oal" because CFWPC.C is part of the i486oal.lib. Then recompile the kernel. The test method is to make a copy of any EXE that runs under CE, one unchanged and the other signed by SignFile. The two files are then copied to the permanent storage to run. The test results are signed to run, and unsigned cannot run (pop-up dialog box shows "xxx (or one of its components) cannot be found." Please confirm ... ").