No, I don't have any tool or script to decrypt oembios.dat files. I just let MGADiag decrypt them for me. But now that you mention it, I may look into it.
+1 from me, would be really nice to have (even most - if not all known sets - are already decrypted in the sticky thread). I think freestyler could have such tool...
Also there is a tool from xehqter at msfn forum (but I do not think it is offline):
OEMBIOS Scanner v1.4.1 by Jeremy (xehqter)
sebus
crypto's scripts above fail when trying to run on another Platform, eg: Vista, Windows 7 and Windows Server 2008

You can fix this by submitting the OS version to validate against (using the /o switch), eg:

Windows XP

Code:
@echo off
signtool.exe verify /v /o 2:5.1.2600 /a oembios.cat
signtool.exe verify /o 2:5.1.2600 /c oembios.cat oembios.bin oembios.dat oembios.sig
pause

or

Code:
@echo off
signtool.exe verify /v /o 2:5.1 /a oembios.cat
signtool.exe verify /o 2:5.1 /c oembios.cat oembios.bin oembios.dat oembios.sig
pause

Windows Server 2003

Code:
@echo off
signtool.exe verify /v /o 2:5.2.3790 /a oembios.cat
signtool.exe verify /o 2:5.2.3790 /c oembios.cat oembios.bin oembios.dat oembios.sig
pause

or

Code:
@echo off
signtool.exe verify /v /o 2:5.2 /a oembios.cat
signtool.exe verify /o 2:5.2 /c oembios.cat oembios.bin oembios.dat oembios.sig
pause
Hi,

Thanks to crypto, FreeStyler & all !

Sir(s), I have run the XP OEMBIOS SET VERIFIER from within Windows 7 ulti sp1 x86 but the results are not very clear to me. One line on top of the result's text seems to be alarming (BOLD & CAPITAL) !

The exact text is :

Verifying: OEMBIOS.CAT
UNABLE TO VERIFY THIS FILE USING A CATALOG.
SHA1 hash of file: 4C5184772340740DEB58077CD74DFD40E4AA26D7
Signing Certificate Chain:
    Issued to: Microsoft Root Authority
    Issued by: Microsoft Root Authority
    Expires: 12/31/2020 12:30:00 PM
    SHA1 hash: A43489159A520F0D93D032CCAF37E7FE20A8B419

    Issued to: Microsoft Windows Hardware Compatibility
    Issued by: Microsoft Root Authority
    Expires: 12/31/2002 12:30:00 PM
    SHA1 hash: 109F1CAED645BB78B3EA2B94C0697C740733031C

    Issued to: Microsoft Windows Hardware Compatibility Publisher
    Issued by: Microsoft Windows Hardware Compatibility
    Expires: 12/30/2002 12:30:00 PM
    SHA1 hash: 014C3D7F66B396D2250DD1D26ADBFF748B916B2A

The signature is timestamped: 5/29/2002 1251 AM
Timestamp Verified by:
    Issued to: NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
    Issued by: NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
    Expires: 1/8/2004 5:29:59 AM
    SHA1 hash: 18F7C1FCC3090203FD5BAA2F861A754976C8DD25

    Issued to: VeriSign Time Stamping Service
    Issued by: NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
    Expires: 1/7/2004 5:29:59 AM
    SHA1 hash: 23348A128A2A9ABA478C9AAD1EC275F444F078D3

Successfully verified: OEMBIOS.CAT

Number of files successfully Verified: 1
Number of warnings: 0
Number of errors: 0

Successfully verified: OEMBIOS.BIN
Successfully verified: OEMBIOS.DAT
Successfully verified: OEMBIOS.SIG
Press any key to continue . . .

Please help me to understand !

Thanks & Regards,
LittlePro.
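
For reading output like the one quoted in the post above, an added example (not written by anyone in the thread and not part of signtool): a small Python parser that reduces the text to the lines that decide the result. The sample text is constructed to resemble the post's output, US-style dates are assumed, and the names `summarize` and `EXPECTED` are made up for this example.

```python
import re
from datetime import datetime

# Constructed sample shaped like the `signtool verify /v` output quoted in the
# post above (hashes dropped, time of day made up); not a captured run.
SAMPLE = """\
Verifying: OEMBIOS.CAT
UNABLE TO VERIFY THIS FILE USING A CATALOG.
    Issued to: Microsoft Root Authority
    Issued by: Microsoft Root Authority
    Expires:   12/31/2020 12:30:00 PM
    Issued to: Microsoft Windows Hardware Compatibility Publisher
    Issued by: Microsoft Windows Hardware Compatibility
    Expires:   12/30/2002 12:30:00 PM
The signature is timestamped: 5/29/2002 12:00:00 AM
Successfully verified: OEMBIOS.CAT
Number of errors: 0
Successfully verified: OEMBIOS.BIN
Successfully verified: OEMBIOS.DAT
Successfully verified: OEMBIOS.SIG
"""
EXPECTED = ("OEMBIOS.CAT", "OEMBIOS.BIN", "OEMBIOS.DAT", "OEMBIOS.SIG")
DATE = r"(\d{1,2}/\d{1,2}/\d{4})"  # assumes US-style M/D/YYYY, as in the post

def _day(s):
    return datetime.strptime(s, "%m/%d/%Y").date()

def summarize(text, expected=EXPECTED):
    """Reduce signtool output to the facts that decide whether the set is good."""
    verified = [f.upper() for f in re.findall(r"^Successfully verified: (\S+)", text, re.M)]
    errs = [int(n) for n in re.findall(r"^Number of errors: (\d+)", text, re.M)]
    # Signer chain = the certificates listed before the timestamp line.
    head = text.partition("The signature is timestamped:")[0]
    expiries = [_day(d) for d in re.findall(r"Issued to: .+\n.*\n\s*Expires:\s+" + DATE, head)]
    ts = re.search(r"The signature is timestamped: " + DATE, text)
    stamped = _day(ts.group(1)) if ts else None
    missing = [f for f in expected if f not in verified]
    return {
        "missing": missing,
        "errors": sum(errs) if errs else None,  # None: no summary line found
        # With /a, signtool searches the catalog database first and then falls
        # back to the embedded signature, so this line alone is not a failure.
        "catalog_fallback": "UNABLE TO VERIFY THIS FILE USING A CATALOG" in text,
        # Expired signer certificates still verify when the timestamp shows
        # the signature was made before they expired.
        "signed_before_expiry": bool(expiries) and stamped is not None
        and all(stamped <= e for e in expiries),
        "ok": not missing and bool(errs) and sum(errs) == 0,
    }
```

Call `summarize()` on the text saved from the script's console window; `ok` is true only when every file of the set has a "Successfully verified" line and the error count is zero.
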
Hi All,

It's time to offer some help to the novice users (like me) in verifying OEMBIOS SETS and understand it as per this thread. We would be going with XP OEMBIOS sets verification.

[CREDITS : crypto, FreeStyler & All ! ]

Sir(s),

1. Make a system restore point first.
2. Extract the OEMBIOS SET & crypto's archive (the very first post) in the same folder.
3. Go to the 4th or 5th step according to the OS you are running the test from.
4. If you are doing it from XP: just run any one of the two scripts (ending with .cmd extension) by double clicking and have the results.
OR
5. If you are doing it from an OS other than XP (Vista, 7, etc.), you would need to replace the matter of any one of crypto's script files (with .cmd extension) with the one provided by FreeStyler for XP (first post on this page), without any other change in the extracted folder.

So here we go:
(a) We would copy any one of the two scripts/matter provided by FreeStyler for XP to a document: WordPad, MS Word, text, etc.
(b) We would select & right click one of crypto's scripts in the extracted folder and go for 'EDIT' (it will open in Notepad).
(c) Now we would select the whole matter and delete it.
(d) Now we would use FreeStyler's matter (previously copied to a document) and paste it into the script, and now we would save the script (with the original .cmd extension).
(e) Now we can run the script anytime and have the results.

[CONCEPTS: crypto's script checks the XP OEMBIOS set against the running OS, assuming it is an XP OS, which is not true (we are running the script from other than XP), so it doesn't produce valuable results. But FreeStyler infused the XP code in the script and now it checks the OEMBIOS set against the code and the results are fine and valuable ! We may change the name of the script but it's not needed/matters, as long as its extension is '.cmd' (as originals).

There is another way in which we don't change the extracted folder/crypto's scripts. We would forget crypto's scripts. Instead, we would make a new script with FreeStyler's matter and just place it in the extracted folder. Here is how we do it:
(a) Open a new Notepad.
(b) Paste the XP script matter provided by FreeStyler (any one of the two) in the Notepad.
(c) Save it as a file with extension '.cmd' (without quotes).
(d) And finally, place the file in the extracted folder.
Now we can run this new script anytime and have the results.

Likewise, Notepad; different texts, formats, etc. & different file extensions such as .bat, .cmd, etc. are used altogether to perform different actions.]

Are you getting capicom.dll/signtool errors in the results ? Just wait a little !

Thanks & Regards,
LittlePro.
Are you getting 'capicom.dll/signtool' errors in the results ? Just wait a little !

So, I am back here, sorry for the delay !

The procedure involves: one download from the Microsoft official website, extracting 'capicom.dll' and finally, placing & registering it in folders as appropriate for 32 & 64 bit OS. (Through all the process neglect quotes, i.e. ' ' & '' ''.)

1. Download: google 'capicom.dll download' and go for the Microsoft official download.

Platform SDK Redistributable: CAPICOM
Version: 2.1.0.2
File Name: capicom_dc_sdk.msi
Date Published: 9/26/2016
File Size: 1.8 MB

(Don't need to go/care for further details, just download & follow here. It would work for 32 & 64 bit OS and XP through Windows 8, don't know about Windows 10.)

2. Extracting capicom.dll (first make a system restore point for precaution as always !)

There are various ways to extract the downloaded file to get capicom.dll:
(a) Get one of them installed, i.e. 7-Zip, WinRAR, HaoZip, Bandizip, PowerArchiver etc. archivers, and use it (mine 7-Zip).
(b) Use the portable dedicated tool 'Less MSIérables' or 'LessMSI' (I think the best & easiest way from any point of view).
(c) Extract an MSI file using the command line, i.e. from command prompt / Run box:

msiexec /a pathtoMSIfile /qn TARGETDIR=pathtotargetfolder

For e.g. I have placed 'capicom_dc_sdk.msi' in 'c:\NewFolder1' and want to get it extracted to 'c:\NewFolder2' (both folders 'NewFolder1' & 'NewFolder2' were made temporarily in 'c:\', i.e. in c: root, and not having any space in the name !):

msiexec /a c:\NewFolder1\capicom_dc_sdk.msi /qn TARGETDIR=c:\NewFolder2

and I get capicom.dll @ 'c:\NewFolder2\PFiles\Microsoft CAPICOM 2.1.0.2 SDK\Lib\x86\'

3. Placing & registering 'capicom.dll' (this needs administrator's rights)

(a) In 32 bit OS: place capicom.dll in 'c:\Windows\System32' (obviously root and not a sub folder !) and find 'cmd.exe' there itself. Right click cmd.exe and go for 'Run as administrator' and then type 'regsvr32 capicom.dll' @ command prompt and press 'Enter'.
For e.g. navigate to folder 'c:\Windows\System32', place 'capicom.dll' there and find 'cmd.exe' there itself and run it as administrator and then register capicom.dll @ command prompt, i.e. 'c:\Windows\System32>regsvr32 capicom.dll' and press 'Enter'.

(b) Similarly it has to be done in 64 bit OS, but the folder 'System32' is changed by 'SysWOW64', just next to 'System32' in 64 bit OS !
For e.g. navigate to folder 'c:\Windows\SysWOW64', place capicom.dll there (in root & not in a sub folder, as above !). Then find cmd.exe there itself and run it as administrator and then register capicom.dll @ command prompt, i.e. 'c:\Windows\SysWOW64>regsvr32 capicom.dll' & press 'Enter'.

Now, run the scripts as told earlier and if everything is done well, there should be no signtool/capicom.dll error anymore. It works for various capicom.dll issues and purposes.

Thanks & Regards,
LittlePro.