Self-signed code signing certificates


Some setup and application executables need to be signed so that they are not flagged as a security risk by security software on Windows, especially those with virus-like behaviour, such as embedded executable resources that are extracted and executed. Note that a self-signed certificate only helps on machines where you have installed it as trusted (see below); software shipped to other people's machines needs a certificate issued by a public CA.

The following steps were performed on Windows, from the Developer Command Prompt installed by Visual Studio.

To generate a self-signed certificate for code signing, run

makecert.exe -n CN=Test.org(Test) -r -h 0 -eku "1.3.6.1.5.5.7.3.3,1.3.6.1.4.1.311.10.3.13" -e 12/31/2017 -pe -sv Test.pvk Test.cer

Here’s a brief overview of the switches
-n subject name
-r create a self-signed certificate
-h maximum height of the tree below this certificate; 0 means it cannot issue subordinate certificates
-eku comma-separated enhanced key usage OIDs: 1.3.6.1.5.5.7.3.3 is Code Signing and 1.3.6.1.4.1.311.10.3.13 is Lifetime Signing, which makes signatures invalid once the certificate expires, even if they were timestamped (omit it if signed binaries must outlive the certificate)
-e expiration date
-pe mark the private key as exportable
-sv private key file name

makecert.exe is deprecated in current Windows SDKs; the PowerShell cmdlet New-SelfSignedCertificate -Type CodeSigningCert produces an equivalent certificate directly in the certificate store, and the SignTool steps below are unchanged.

makecert prompts for a private key password; you may specify one or leave it empty. If you set one, pass it to Pvk2Pfx with -pi and to SignTool with /p. Treat Test.pvk and Test.pfx as secrets: anyone holding them can sign code that every machine trusting Test.cer will run without complaint.

To convert self-signed certificate to PFX format for usage with SignTool, run

Pvk2Pfx -pvk Test.pvk -spc Test.cer -pfx Test.pfx

To use SignTool to sign an executable, run

SignTool sign /fd SHA256 /a /f Test.pfx filepath.exe

Add /tr <timestamp server URL> /td SHA256 to timestamp the signature so that it stays valid after the certificate expires (this does not help if the Lifetime Signing EKU above is present).

Install the certificate (Test.cer) into the local machine's Trusted Root Certification Authorities store before running the executable, otherwise the signature chain does not validate. Check the result with

SignTool verify /pa /v filepath.exe

which applies the default Authenticode policy and prints the signer chain.

Signing a WiX Toolset setup bundle

You cannot just sign the setup bundle executable and get it to work, because the embedded bootstrapper engine (engine.exe) remains unsigned and will be flagged as a security risk. Use the following steps to prepare a setup bundle for installation without it being flagged.

First, detach the engine from setup as follows

insignia -ib setup.exe -o engine.exe

Sign engine.exe with your certificate using SignTool

SignTool sign /fd SHA256 /a /f Test.pfx engine.exe

Re-attach the signed engine.exe to the bundle

insignia -ab engine.exe setup.exe -o setup.exe

Finally, sign setup.exe with your certificate

SignTool sign /fd SHA256 /a /f Test.pfx setup.exe

The order matters: insignia -ab rewrites setup.exe, so signing the bundle before re-attaching the engine would invalidate that signature. SignTool verify /pa setup.exe confirms the final result.

Bluetooth serial client using Windows socket API


This post shows how you can discover paired Bluetooth devices, and communicate with them, using Windows socket API. The Windows socket API is available in .NET through the excellent 32feet.NET library.

This is how you can discover Bluetooth devices paired with Windows

using InTheHand.Net.Sockets;
using System.Net.Sockets;
using System.Threading.Tasks;

BluetoothClient client = new BluetoothClient();
// up to 10 devices; authenticated (paired) and remembered devices only, no unknown ones
BluetoothDeviceInfo[] devices = client.DiscoverDevices(10, true, true, false);

This is how you can connect with a device, and obtain a NetworkStream to read from

// Serial Port Profile (SPP) service UUID, 0x1101 in the Bluetooth base UUID
Guid MyServiceUuid = new Guid("{00001101-0000-1000-8000-00805F9B34FB}");
client.Connect(devices[0].DeviceAddress, MyServiceUuid);
NetworkStream stream = client.GetStream();
Task reader = ReadAsync(stream); // runs until the link is closed

Here’s the implementation of ReadAsync

async Task ReadAsync(NetworkStream stream)
{
    byte[] buffer = new byte[100];
    while (true)
    {
        int length;
        try
        {
            length = await stream.ReadAsync(buffer, 0, buffer.Length);
        }
        catch (IOException)
        {
            break; // link dropped
        }
        if (length == 0)
            break; // remote side closed the connection; without this check the loop spins forever
        // do something with buffer[0..length): a read returns whatever bytes have arrived,
        // not necessarily a whole message
    }
}

The application can send data at any time as follows

stream.Write(buffer, 0, buffer.Length);

The code above is available at GitHub as part of the Bluetooth Serial Client Tool.


Bluetooth serial server using Windows socket API


This post describes a means to simulate a Bluetooth serial device on Windows. This can be useful to test Bluetooth applications running on Android and Windows, that use a virtual serial port to communicate with devices.

Windows Bluetooth socket API can be used to create a server (listener). I use 32feet.NET here, a neat .NET library layered over the C/C++ socket APIs provided by Microsoft.

Here’s how you can create a Bluetooth listener on the primary adapter/radio

using InTheHand.Net.Sockets;

// Serial Port Profile (SPP) service UUID
Guid MyServiceUuid = new Guid("{00001101-0000-1000-8000-00805F9B34FB}");
BluetoothListener listener = new BluetoothListener(MyServiceUuid); // Listen on primary radio
listener.Start();
listener.BeginAcceptBluetoothClient(acceptBluetoothClient, null);

The acceptBluetoothClient callback will be called when a client connects, and may be implemented as follows

void acceptBluetoothClient(IAsyncResult ar)
{
    if (listener == null) return; // listener was stopped
    client = listener.EndAcceptBluetoothClient(ar);
    stream = client.GetStream();
    Task reader = ReadAsync(stream);
    // Whatever connected reaches this point; treat the bytes it sends as untrusted input.
    // To serve further clients, call listener.BeginAcceptBluetoothClient again here.
}

ReadAsync is an async method that continuously receives data over the Bluetooth socket, and does something useful with it

async Task ReadAsync(NetworkStream stream)
{
    byte[] buffer = new byte[100];
    while (true)
    {
        int length;
        try
        {
            length = await stream.ReadAsync(buffer, 0, buffer.Length);
        }
        catch (IOException)
        {
            break; // link dropped
        }
        if (length == 0)
            break; // client closed the connection; without this check the loop spins forever
        // do something useful with buffer[0..length); a single read may hold part of a
        // message or several messages
    }
}

The application can send data at any time as follows

await stream.WriteAsync(buffer, 0, buffer.Length);

As a bonus to the reader who’s come this far, the code above is available at GitHub as part of the Bluetooth Serial Server Tool.
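The read loops in the client and server posts above hand each ReadAsync result straight to "do something with buffer", but SPP is a byte stream: one read may hold half a message or several. The following is an added example, not code from either post or from 32feet.NET, showing a bounded line framer that reassembles newline-terminated messages and discards over-long ones, driven by a read loop of the same shape as the posts' ReadAsync. It runs over a MemoryStream with constructed input so it works without a radio; with 32feet you would pass client.GetStream() instead. The 64-byte line limit and the sample messages are assumptions made for the example.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Text;
using System.Threading.Tasks;

// Reassembles '\n'-terminated lines from arbitrary read chunks. A line longer than
// maxLine is dropped up to its terminating '\n', so a misbehaving peer cannot make
// the pending buffer grow without bound.
public sealed class LineFramer
{
    private readonly MemoryStream _pending = new MemoryStream();
    private readonly int _maxLine;
    private bool _discarding;                 // true while skipping an over-long line

    public LineFramer(int maxLine = 256) { _maxLine = maxLine; }

    public int Dropped { get; private set; }  // over-long lines discarded so far

    // Feed one chunk as returned by stream.ReadAsync; returns the lines completed by it.
    public List<string> Push(byte[] chunk, int offset, int count)
    {
        var lines = new List<string>();
        for (int i = offset; i < offset + count; i++)
        {
            byte b = chunk[i];
            if (b == (byte)'\n')
            {
                if (_discarding) { _discarding = false; Dropped++; }
                else lines.Add(Encoding.ASCII.GetString(_pending.ToArray()).TrimEnd('\r'));
                _pending.SetLength(0);
                continue;
            }
            if (_discarding) continue;
            if (_pending.Length >= _maxLine)
            {
                _discarding = true;           // too long: skip until the next '\n'
                _pending.SetLength(0);
                continue;
            }
            _pending.WriteByte(b);
        }
        return lines;
    }
}

public static class Program
{
    // Same shape as the posts' ReadAsync, over a generic Stream so it can run here
    // against a MemoryStream; with 32feet, pass client.GetStream() instead.
    public static async Task<List<string>> ReadLinesAsync(Stream stream, LineFramer framer)
    {
        var received = new List<string>();
        byte[] buffer = new byte[100];
        while (true)
        {
            int length;
            try { length = await stream.ReadAsync(buffer, 0, buffer.Length); }
            catch (IOException) { break; }    // link dropped
            if (length == 0) break;           // peer closed the connection
            received.AddRange(framer.Push(buffer, 0, length));
        }
        return received;
    }

    public static void Main()
    {
        // Constructed input: two messages, a 300-byte junk line that exceeds the limit,
        // a third message, and a trailing fragment with no newline yet.
        string sample = "AT+VER?\r\n" + "OK 1.2\n" + new string('A', 300) + "\n" + "TEMP=21.5\n" + "partial";
        var stream = new MemoryStream(Encoding.ASCII.GetBytes(sample));
        var framer = new LineFramer(maxLine: 64);

        List<string> lines = ReadLinesAsync(stream, framer).GetAwaiter().GetResult();
        foreach (string line in lines) Console.WriteLine("message: " + line);   // AT+VER?, OK 1.2, TEMP=21.5
        Console.WriteLine("dropped over-long lines: " + framer.Dropped);         // 1
        // "partial" stays buffered in the framer until a newline arrives or the link closes.
    }
}
```

The 100-byte read buffer from the posts is kept deliberately: the framer, not the read size, decides message boundaries, which is what keeps the code correct when the device sends faster or slower than one read per message.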


Hello World with .NET Core


.NET Core is Microsoft’s cross-platform implementation of .NET, with its own Common Language Runtime (CLR). This post is an elementary getting started guide where I create, build and run a “Hello World!” console application with .NET Core.

Let’s begin by downloading and installing .NET Core for your platform. To create a new console application, run

dotnet new

(current SDKs require the template name: dotnet new console). That creates two files, a .csproj project file and Program.cs. Edit Program.cs using your favorite editor.

I recommend using the multi-platform VS Code. You can extend the capabilities of VS Code by downloading extensions from the Visual Studio Marketplace. VS Code should prompt you to download the C# extension when you open Program.cs.

To build the new program from the command line run

dotnet build

To execute the program run

dotnet run

You can also edit, run and debug the program from VS Code.

Console applications can be very powerful, but .NET Core can also be used to build Web applications with ASP.NET Core.

Create and use NuGet packages


To follow the brief instructions in this post, you’ll need to download NuGet.

To create NuGet package spec, aka nuspec, from a project file, execute the following in the folder where the project file is located

nuget spec

Edit the file appropriately.

To create a NuGet package (a glorified zip file) containing project output and all dependencies, run

nuget pack ProjectName.csproj -IncludeReferencedProjects -Prop Configuration=Release -Prop Platform=AnyCPU

Packages can be distributed by creating account at, and uploading nupkg to, nuget.org.

Package references can be managed with the NuGet Package Manager extension in Visual Studio (under the Tools menu). Referenced packages, with their exact versions, are listed in packages.config in the project’s folder; add it to source control. VS downloads every package listed there before the project is built and caches them in the packages folder at the solution’s root; exclude that folder from source control.

nupkg files can also be distributed by other means, and added manually into project using the Powershell commands available in Package Management Console in VS

Install-Package SomePackage -Source Path

SomePackage is a fully qualified package name, Path is an absolute or relative path containing the nupkg file.

Install-Package may fail with the following message, when packages need to be restored from custom source

Install-Package : Some NuGet packages are missing from the solution. The packages need to be restored in order to build the dependency graph. Restore the packages before performing any operations.

To restore packages from a custom source, use the nuget command line, thus

nuget restore -Source Path

Path has to be an absolute path; multiple sources can be separated by semicolons, e.g. C:\packages;https://www.myget.org/F/nuget. When -Source is given, only the listed sources are consulted, which also stops a restore from quietly fetching a same-named package from nuget.org instead of your private feed.

Dealing with .NET’s messy WebBrowser control


I’ve been trying hard to coax .NET’s WebBrowser control to log in using PingFederate federation server. I particularly don’t want to mess with the registry to change Internet Explorer’s browser emulation settings due to a single application. Something that with Android is amazingly simple, requires a lot of extra effort with .NET for the Desktop.

The WebBrowser control defaults to IE7 emulation as seen by the following User-Agent header, discovered using Fiddler.

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)

There’s a bug in the browser control that sends a trailing null character in POST data.

pf.username=xxx&pf.pass=xxx&pf.ok=clicked&pf.cancel=<NULL>

I had to extend the WebBrowser control, gain access to its internal ActiveX control, and use events of that control to modify the behavior just enough to be able to log in using PingFederate. The code that does that is reproduced below.

    using System;
    using System.Windows.Forms;
    // SHDocVw comes from the "Microsoft Internet Controls" COM reference (Interop.SHDocVw)

    public class ExtendedWebBrowser : WebBrowser
    {
        bool renavigating = false;

        // If set, sent as the User-Agent header on every navigation
        public string UserAgent { get; set; }

        public delegate void BeforeNavigateDelegate(string url, ref bool cancel);

        public event BeforeNavigateDelegate HandleBeforeNavigate;

        public delegate void NavigateErrorDelegate(string url, ref bool cancel);

        public event NavigateErrorDelegate HandleNavigateError;

        public ExtendedWebBrowser()
        {
            DocumentCompleted += SetupBrowser;

            //this will cause SetupBrowser to run (we need a document object)
            Navigate("about:blank");
        }

        void SetupBrowser(object sender, WebBrowserDocumentCompletedEventArgs e)
        {
            DocumentCompleted -= SetupBrowser;
            // ActiveXInstance is the underlying COM browser object; its events expose the
            // POST data and headers that the managed WebBrowser events hide
            SHDocVw.WebBrowser xBrowser = (SHDocVw.WebBrowser)ActiveXInstance;
            xBrowser.BeforeNavigate2 += BeforeNavigate;
            xBrowser.NavigateError += NavigateError;
        }

        private void NavigateError(object pDisp, ref object URL, ref object Frame, ref object StatusCode, ref bool Cancel)
        {
            if (HandleNavigateError != null)
                HandleNavigateError.Invoke((string)URL, ref Cancel);
        }

        void BeforeNavigate(object pDisp, ref object url, ref object flags, ref object targetFrameName,
            ref object postData, ref object headers, ref bool cancel)
        {
            if (renavigating)
            {
                // second pass: this is the navigation we re-issued ourselves below
                renavigating = false;
                if (HandleBeforeNavigate != null)
                {
                    HandleBeforeNavigate.Invoke((string)url, ref cancel);
                }
            }
            else
            {
                byte[] pSrc = (byte[])postData;
                byte[] p = pSrc;

                if (pSrc != null && pSrc.Length > 0 && pSrc[pSrc.Length - 1] == 0)
                {
                    // remove trailing null from POST data
                    p = new byte[pSrc.Length - 1];
                    Array.Copy(pSrc, p, p.Length);
                    renavigating = true;
                }

                if (!string.IsNullOrEmpty(UserAgent))
                {
                    // headers holds a string (or null); object + string concatenates
                    headers += string.Format("User-Agent: {0}\r\n", UserAgent);
                    renavigating = true;
                }

                if (renavigating)
                {
                    // cancel the original request and re-issue it with the fixed body and headers
                    Navigate((string)url, (string)targetFrameName, p, (string)headers);
                    cancel = true;
                }
            }
        }
    }

The authorization code returned by PingFederate can be obtained by handling the HandleNavigateError event. Using the HandleBeforeNavigate handler does not work, because it is not raised when the control follows the redirect issued by a 302 Found response.

            extendedWebBrowser1.HandleNavigateError += delegate (string url,
                ref bool cancel)
            {
                cancel = ExtractAuthorizationCode(url);
            };
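The post calls ExtractAuthorizationCode(url) but does not show it. The following is an added example, not code from the original post, of one way to write it: the code is accepted only when the URL matches the registered redirect URI and carries the state value the client generated for this login, so a navigation error on some other page, or a redirect to an attacker's host, cannot hand the application a code. The redirect URI, the state value and the class name are assumptions made for the example.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

// Pulls the OAuth 2.0 authorization code out of a redirect URL, but only after
// checking that the URL is our registered redirect URI and that "state" round-tripped.
public sealed class AuthorizationCodeExtractor
{
    private readonly Uri _redirectUri;
    private readonly string _expectedState;

    public string Code { get; private set; }

    public AuthorizationCodeExtractor(string redirectUri, string expectedState)
    {
        _redirectUri = new Uri(redirectUri);
        _expectedState = expectedState;
    }

    // Returns true (and sets Code) when url is a valid redirect carrying a code. The same
    // value is what the HandleNavigateError handler assigns to `cancel`.
    public bool TryExtract(string url)
    {
        Uri uri;
        if (!Uri.TryCreate(url, UriKind.Absolute, out uri)) return false;

        // Scheme, host, port and path must match the registered redirect URI exactly
        if (uri.Scheme != _redirectUri.Scheme ||
            !string.Equals(uri.Host, _redirectUri.Host, StringComparison.OrdinalIgnoreCase) ||
            uri.Port != _redirectUri.Port ||
            uri.AbsolutePath != _redirectUri.AbsolutePath)
            return false;

        Dictionary<string, string> query = ParseQuery(uri.Query);
        string state, code;
        if (!query.TryGetValue("state", out state) || !FixedTimeEquals(state, _expectedState))
            return false;                     // missing or foreign state: not our login
        if (query.ContainsKey("error"))
            return false;                     // server reported an error instead of a code
        if (!query.TryGetValue("code", out code) || code.Length == 0)
            return false;

        Code = code;
        return true;
    }

    // Minimal application/x-www-form-urlencoded query parser (no System.Web dependency)
    private static Dictionary<string, string> ParseQuery(string query)
    {
        var result = new Dictionary<string, string>(StringComparer.Ordinal);
        foreach (string pair in query.TrimStart('?').Split(new[] { '&' }, StringSplitOptions.RemoveEmptyEntries))
        {
            int eq = pair.IndexOf('=');
            string rawKey = eq < 0 ? pair : pair.Substring(0, eq);
            string rawValue = eq < 0 ? "" : pair.Substring(eq + 1);
            // '+' means space in this encoding; decode it before percent-unescaping
            result[Uri.UnescapeDataString(rawKey.Replace('+', ' '))] =
                Uri.UnescapeDataString(rawValue.Replace('+', ' '));   // last occurrence wins
        }
        return result;
    }

    // Comparison whose running time does not depend on where the strings first differ
    private static bool FixedTimeEquals(string a, string b)
    {
        byte[] x = Encoding.UTF8.GetBytes(a), y = Encoding.UTF8.GetBytes(b);
        int diff = x.Length ^ y.Length;
        for (int i = 0; i < x.Length && i < y.Length; i++) diff |= x[i] ^ y[i];
        return diff == 0;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed URLs; the redirect URI and state are assumptions for the example
        var extractor = new AuthorizationCodeExtractor("https://localhost:8443/callback", "n0nc3-xyz");
        Console.WriteLine(extractor.TryExtract("https://localhost:8443/callback?code=abc123&state=n0nc3-xyz"));        // True
        Console.WriteLine(extractor.Code);                                                                              // abc123
        Console.WriteLine(extractor.TryExtract("https://localhost:8443/callback?code=abc123&state=other"));            // False
        Console.WriteLine(extractor.TryExtract("https://evil.example/callback?code=abc123&state=n0nc3-xyz"));          // False
        Console.WriteLine(extractor.TryExtract("https://localhost:8443/callback?error=access_denied&state=n0nc3-xyz")); // False
    }
}
```

Wire it into the control with the same handler shape as above, e.g. `extendedWebBrowser1.HandleNavigateError += delegate (string url, ref bool cancel) { cancel = extractor.TryExtract(url); };`, generating a fresh random state for every login and passing it both to the authorization request and to the extractor.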

Send content using PUT method


This post demonstrates how to send content to server from a client application written in C#. A typical REST API implements PUT methods to receive content from clients. I’ve been using RestSharp for most REST requests, but this is one use case it doesn’t provide for, yet. It is fairly easy to implement using .NET’s HttpClient.

using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;

// Reuse one HttpClient; creating a new one per request leaks sockets
static readonly HttpClient client = new HttpClient();

static async Task<string> PutAsync(Uri uri, byte[] content, string contentType)
{
    ByteArrayContent httpContent = new ByteArrayContent(content);
    httpContent.Headers.ContentType = new MediaTypeHeaderValue(contentType);

    // await instead of .Result: blocking on the task from a UI thread deadlocks
    using (HttpResponseMessage response = await client.PutAsync(uri, httpContent))
    {
        string body = await response.Content.ReadAsStringAsync();
        if (response.StatusCode == HttpStatusCode.Created || response.StatusCode == HttpStatusCode.OK)
            return body; // use the returned body

        throw new HttpRequestException(string.Format("PUT {0} returned {1}: {2}", uri, (int)response.StatusCode, body));
    }
}