[Bug 55165] New: Age of Empires II Definitive Edition quits on startup, due to WinVerifyTrust() failing on game binaries.
https://bugs.winehq.org/show_bug.cgi?id=55165 Bug ID: 55165 Summary: Age of Empires II Definitive Edition quits on startup, due to WinVerifyTrust() failing on game binaries. Product: Wine Version: unspecified Hardware: x86-64 OS: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: wintrust Assignee: wine-bugs(a)winehq.org Reporter: david(a)davidgow.net Distribution: --- The latest update of Age of Empires II: Definitive Edition no longer runs under wine and wine derivatives like Proton, Crossover, etc. This is because the updated version has an anti-tampering check which calls WinVerifyTrust() on all of the bundled .exe and .dll files (even those the game doesn't use). Under Wine, WinVerifyTrust() fails with TRUST_E_CERT_SIGNATURE on these PE files, even though it works on other signed executables. Patching wine to always return 0 from WinVerifyTrust() allows the game to start, and to run successfully. See: https://github.com/ValveSoftware/Proton/issues/3189#issuecomment-1610974028 I've written a simple program which calls WinVerifyTrust() on a file and prints the error: (source): https://davidgow.net/stuff/trustchk.c (x86_64 binary): https://davidgow.net/stuff/trustchk64.exe The trustchk64.exe binary is signed, so "trustchk64.exe trustchk64.exe" prints: trustchk64.exe: 0 (Success. ) Running against an unsigned binary gives: trustchk.exe: 800B0100 (No Signature found in file. ) Running against AoE2:DE's AoE2DE_s.exe file (or any other .exe or .dll from the game) fails with: AoE2DE_s.exe: 80096004 (TRUST_E_CERT_SIGNATURE: The signature of the certificate cannot be verified.) I've extracted the offending executable's signature with osslsigncode extract-signature: https://davidgow.net/stuff/AoE2DE_s.sig Equally, I've verified the executable signature with osslsigncode: https://davidgow.net/stuff/AoE2DE_s.sig-verify.txt The Steam game info for the affected version is: App ID: 813780 Build ID: 11543327 -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=55165 --- Comment #1 from Hans Leidekker <hans(a)meelstraat.net> --- Can you attach a WINEDEBUG=+wintrust,+chain,+crypt trace from the failure case? -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=55165 --- Comment #2 from David Gow <david(a)davidgow.net> --- Created attachment 74741 --> https://bugs.winehq.org/attachment.cgi?id=74741 Log of WinVerifyTrust() failing on AoE2DE_s.exe (via trustchk) with WINEDEBUG=+wintrust,+chain,+crypt -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=55165 --- Comment #3 from Hans Leidekker <hans(a)meelstraat.net> --- 0024:trace:crypt:CRYPT_ImportPublicKeyInfoEx (00359470, 00000001, 0000000000358520, 00000000, 00000000, 0000000000000000, 000000000021F538) 0024:trace:crypt:CryptInitOIDFunctionSet ("CryptDllConvertPublicKeyInfo", 0) 0024:trace:crypt:CryptGetOIDFunctionAddress (00000000010BB320, 1, "1.2.840.10045.2.1", 00000000, 000000000021F3B8, 000000000021F3C0) 0024:trace:crypt:CryptGetOIDFunctionAddress returning 0 0024:trace:crypt:CryptDecodeObjectEx (0x00000001, #0013, 0000000000358740, 65, 0x00000000, 0000000000000000, 0000000000000000, 000000000021F3B4) 0024:trace:crypt:CryptDecodeObjectEx returning 0 1.2.840.10045.2.1 = ecEncryption. #0013 = RSA_CSP_PUBLICKEYBLOB. We're looking for RSA public key info but the issuer certificate is an EC certificate. In the success case the OID is 1.2.840.113549.1.1.1 = rsaEncryption, so the decoding succeeds. So essentially we need to add support for EC public keys in CryptImportPublicKeyInfoEx(). -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=55165 Hans Leidekker <hans(a)meelstraat.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Component|wintrust |crypt32 -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=55165 Paul Gofman <pgofman(a)codeweavers.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |pgofman(a)codeweavers.com --- Comment #4 from Paul Gofman <pgofman(a)codeweavers.com> --- I've been looking at that since yesterday, sent MR: https://gitlab.winehq.org/wine/wine/-/merge_requests/3201 -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=55165 --- Comment #5 from Paul Gofman <pgofman(a)codeweavers.com> --- FWIW CryptImportPublicKeyInfoEx doesn't have support for such keys as my included test shows, looks like the correct place to handle it is crypt message handling. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=55165 David Gow <david(a)davidgow.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|UNCONFIRMED |RESOLVED --- Comment #6 from David Gow <david(a)davidgow.net> --- This was fixed by https://gitlab.winehq.org/wine/wine/-/merge_requests/3201, which landed in 8.12 and has filtered through to most downstream wine variants (e.g. Proton). -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=55165 Alexandre Julliard <julliard(a)winehq.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #7 from Alexandre Julliard <julliard(a)winehq.org> --- Closing bugs fixed in 8.21. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
participants (1)
-
WineHQ Bugzilla