Makecat failure: no members found

0

I am trying to modify existing input cdf file to use SHA256 instead of SHA1 by adding following two lines under [CatalogHeader] section:

CatalogVersion=2
HashAlgorithms=SHA256

Executing makecat.exe now gives me following failure message even though nothing under [CatalogFiles] has changed:

Failed: CryptCATCDFEnumMembersByCDFTagEx. Last Error: 0x00000057
Failed: No members found. Last Error: 0x00000057

Failed 0x00000057 (87)

Makecat does find and hash all files if I take out two lines I added.

Can anybody give me an idea what might be going wrong here?

Here is an example cdf file for MCVE:

[CatalogHeader]
Name=MCVE.cat
CatalogVersion=2
HashAlgorithms=SHA256

[CatalogFiles]
MCVE.xml=MCVE.xml

MCVE.xml is any old xml file you can find.

windows
sha256
asked on Stack Overflow Sep 11, 2018 by Paul • edited Sep 12, 2018 by Paul

2 Answers

2

I encountered the same problem but was able to get it to work by putting '< HASH >' (without spaces) in front of each file entry. Example:

[CatalogFiles]
<HASH>manifest.json=.\manifest.json
<HASH>bsi.json=.\bsi.json

However, this causes the catalog file's entries to be tagged by their hash, instead of their filename, when viewing the .cat file in Windows Explorer. You can somewhat work around this by adding a custom attribute to display the filename in the catalog entry's details, as follows:

[CatalogFiles]
<HASH>manifest.json=.\manifest.json
<HASH>manifest.jsonATTR1=0x11010001:File:manifest.json
<HASH>bsi.json=.\bsi.json
<HASH>bsi.jsonATTR1=0x11010001:File:bsi.json

The attribute type is composed of (https://docs.microsoft.com/en-us/windows/desktop/seccrypto/makecat):

  • 0x10000000: attribute is included in the catalog's hash
  • 0x01000000: don't create a duplicated attribute with SHA1 hash (when using SHA256 and catalog version 2)
  • 0x00010000: attribute is in plaintext, not base64
  • 0x00000001: attribute is a keyvalue pair (e.g. File=bsi.json)

I discovered this workaround after running into the same problem as you when I found this example here: https://www-user.tu-chemnitz.de/~heha/viewzip.cgi/basteln/PC/USB2LPT/usb2lpt.zip/src/Makefile?auto=MAK

Hope this helps.

answered on Stack Overflow Nov 8, 2018 by Jonathan Boles
1

Can't add comments yet ---

Just wanted to say Jonathan's example with the 0x11010001 attribute works great, but PowerShell's Test-FileCatalog will still say it fails to parse the file. Using FilePath instead of File fixed this. Not sure if this is in the spec or just a powershell quirk or what, but it's what PowerShell does with New-FileCatalog.

Bonus points for not including the SHA1 hash, thanks!

answered on Stack Overflow Jan 13, 2021 by Jeremy

User contributions licensed under CC BY-SA 3.0