On Fri, Apr 03, 2020 at 14:56:05 -0400, Nathan Stratton Treadway wrote:
[mystery files found pre-installed on the computer with broken
TAP-Windows:]
>  Directory of C:\Windows\System32\DriverStore\FileRepository\oemvista.inf_amd64_6d4bec28a2ef0cdf
> 10/31/2019  02:11 AM            10,042 tap0901.cat
> 10/31/2019  02:09 AM            30,720 tap0901.sys

> 
> The sha1sums of the two versions of the file are:
> =====
> $ sha1sum *{program,system32}*tap09*
> 42189b6a1b8c736397113bfc2283f5e1e1a44e8e  failed_program-files_tap0901.sys
>   [the 39,920-byte file]
> 841a86f416a882b0743fd6d9c9f29baf3ed06b6a  failed_system32-drivers_tap0901.sys
>   [the 30,720-byte file]
> =====
> 
> 
> So.. do you recognize this 30,720-byte file at all, or have any ideas
> where it might have originated from?

It occurred to me that even though we don't need to install OpenVPN on a
Windows 7 box I could go ahead and download the Win7 installer and
see if the embedded TAP driver files match the ones included there.

Short answer: yes, the mystery files are exactly the same as the ones in
that installer.  

So, that doesn't really tell us how those driver files got installed on
the box before OpenVPN was ever installed -- but at least it tells us
exactly which files were involved....


                                                Nathan


Here's the transcript of the check:

First, the sha1sums of the "bad" files pulled out of the DriverStore\...
directory:

====
$ sha1sum failed_system32-driverstore_*
d85f4e65fe10f13ded1780ddbd074edfc75f2d25  failed_system32-driverstore_oemvista.inf
d99e38968de1ca1850971a2b81bfdab49626aaed  failed_system32-driverstore_tap0901.cat
841a86f416a882b0743fd6d9c9f29baf3ed06b6a  failed_system32-driverstore_tap0901.sys
====
... and the original Windows timestamps:
====
C:\Windows\System32\DriverStore\FileRepository\oemvista.inf_amd64_6d4bec28a2ef0cdf
03/27/2020  11:09 AM    <DIR>          .
03/27/2020  11:09 AM    <DIR>          ..
10/31/2019  02:09 AM             7,537 oemvista.inf
03/27/2020  11:09 AM             8,828 oemvista.PNF
10/31/2019  02:11 AM            10,042 tap0901.cat
10/31/2019  02:09 AM            30,720 tap0901.sys
====




Then, unpack the Win7 installer and check the files inside it:
====
$ sha1sum openvpn-install-2.4.8-I602-Win7.exe 
8c9f28d7bdbb4613777a9741809e34b91fd45a0f  openvpn-install-2.4.8-I602-Win7.exe

$ 7z e openvpn-install-2.4.8-I602-Win7.exe '$TEMP/tap-windows.exe'

7-Zip [64] 9.20  Copyright (c) 1999-2010 Igor Pavlov  2010-11-18
p7zip Version 9.20 (locale=en_US.UTF-8,Utf16=on,HugeFiles=on,8 CPUs)

Processing archive: openvpn-install-2.4.8-I602-Win7.exe

Extracting  $TEMP/tap-windows.exe

Everything is Ok

Size:       575288
Compressed: 4322568

$ ls -l
total 4788
-rw-rw-r-- 1 nathanst nathanst 4322568 Apr  4 14:28 openvpn-install-2.4.8-I602-Win7.exe
-rw-rw-r-- 1 nathanst nathanst  575288 Oct 31 03:34 tap-windows.exe

$ sha1sum tap-windows.exe 
f0fd7873544739a0cac4cf93e446efe629c00668  tap-windows.exe

$ 7z x tap-windows.exe 
7-Zip [64] 9.20  Copyright (c) 1999-2010 Igor Pavlov  2010-11-18
p7zip Version 9.20 (locale=en_US.UTF-8,Utf16=on,HugeFiles=on,8 CPUs)

Processing archive: tap-windows.exe
[ ... bunch of files extracted; once again, I had to choose the "A(u)to
      rename all" option because the various flavors all try to unpack into
      the same subdirectories ... ]

$ cd */driver
[ ... the first-level subdirectory name is non-ascii, so use a wildcard
      to get down into the second-level "driver" subdirectory ... ]

$ grep amd *.inf
OemVista.inf:   %Provider% = tap0901, NTamd64
OemVista.inf:[tap0901.NTamd64]

$ file tap0901.*
tap0901.cat: data
tap0901.sys: PE32+ executable (native) x86-64, for MS Windows


$ ls -l {OemVista,tap0901}.*
-rw-rw-r-- 1 nathanst nathanst  7537 Oct 31 02:09 OemVista.inf
-rw-rw-r-- 1 nathanst nathanst 10042 Oct 31 02:11 tap0901.cat
-rw-rw-r-- 1 nathanst nathanst 30720 Oct 31 02:09 tap0901.sys

$ sha1sum {OemVista,tap0901}.*
d85f4e65fe10f13ded1780ddbd074edfc75f2d25  OemVista.inf
d99e38968de1ca1850971a2b81bfdab49626aaed  tap0901.cat
841a86f416a882b0743fd6d9c9f29baf3ed06b6a  tap0901.sys
====

So, the unpacked-from-archive timestamps and the sha1sums match for
all three files.


----------------------------------------------------------------------------
Nathan Stratton Treadway  -  natha...@ontko.com  -  Mid-Atlantic region
Ray Ontko & Co.  -  Software consulting services  -   http://www.ontko.com/
 GPG Key: http://www.ontko.com/~nathanst/gpg_key.txt   ID: 1023D/ECFB6239
 Key fingerprint = 6AD8 485E 20B9 5C71 231C  0C32 15F3 ADCD ECFB 6239


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
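The check Nathan performs by hand above (hash the files found in DriverStore, hash the files unpacked from the installer, compare) is worth automating when there are more than three files or more than one machine to look at. The script below is an added example and not code from the post or from the OpenVPN project; it parses `sha1sum`-style listings, hashes directory trees, and classifies each suspect file as matching, mismatching, not present in the reference set, or missing from the suspect set. The first case reuses the digests quoted in the post; the second builds two small directory trees under a temporary directory whose file contents and names (apart from the real driver file names) are constructed for the demonstration.

```python
"""Check whether driver files found on a machine are byte-identical to the ones
shipped in a known installer, by comparing SHA-1 digests.

Added example, not code from the mailing-list post; it automates the manual
`sha1sum` comparison described there. The temporary directory layout and the
sample file contents below are constructed for the demonstration.
"""
import hashlib
import tempfile
from pathlib import Path

HEX = set("0123456789abcdef")


def sha1_file(path: Path) -> str:
    """Stream a file through SHA-1 (the same digest `sha1sum` prints)."""
    h = hashlib.sha1()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_tree(root: Path) -> dict[str, str]:
    """Map file name -> sha1 for every regular file below root.

    Names are lower-cased because Windows paths are case-insensitive: the
    installer ships OemVista.inf while DriverStore lists it as oemvista.inf.
    """
    return {p.name.lower(): sha1_file(p) for p in root.rglob("*") if p.is_file()}


def parse_sha1sum(text: str, strip_prefix: str = "") -> dict[str, str]:
    """Parse `sha1sum` output ("<40 hex>  <name>") into name -> sha1.

    Separator lines, blank lines and bracketed notes are skipped. strip_prefix
    removes a naming prefix that was added when files were copied off the box.
    """
    digests = {}
    for line in text.splitlines():
        parts = line.split(maxsplit=1)
        if len(parts) != 2 or len(parts[0]) != 40 or set(parts[0]) - HEX:
            continue
        name = parts[1].strip()
        if strip_prefix and name.startswith(strip_prefix):
            name = name[len(strip_prefix):]
        digests[name.lower()] = parts[0]
    return digests


def compare(reference: dict[str, str], suspect: dict[str, str]) -> dict[str, list[str]]:
    """Classify each suspect file against the known-good reference set."""
    report = {"match": [], "mismatch": [], "not_in_reference": [], "missing": []}
    for name, digest in sorted(suspect.items()):
        if name not in reference:
            report["not_in_reference"].append(name)
        elif reference[name] == digest:
            report["match"].append(name)
        else:
            report["mismatch"].append(name)
    report["missing"] = sorted(set(reference) - set(suspect))
    return report


# Case 1: the two sha1sum listings quoted in the post, pasted verbatim.
INSTALLER_SUMS = """\
d85f4e65fe10f13ded1780ddbd074edfc75f2d25  OemVista.inf
d99e38968de1ca1850971a2b81bfdab49626aaed  tap0901.cat
841a86f416a882b0743fd6d9c9f29baf3ed06b6a  tap0901.sys
"""
DRIVERSTORE_SUMS = """\
====
d85f4e65fe10f13ded1780ddbd074edfc75f2d25  failed_system32-driverstore_oemvista.inf
d99e38968de1ca1850971a2b81bfdab49626aaed  failed_system32-driverstore_tap0901.cat
841a86f416a882b0743fd6d9c9f29baf3ed06b6a  failed_system32-driverstore_tap0901.sys
====
"""


def check_posted_listings() -> dict[str, list[str]]:
    ref = parse_sha1sum(INSTALLER_SUMS)
    sus = parse_sha1sum(DRIVERSTORE_SUMS, strip_prefix="failed_system32-driverstore_")
    return compare(ref, sus)


# Case 2: hash two constructed directory trees on disk.
def check_constructed_trees() -> dict[str, list[str]]:
    """Build a fake installer tree and a fake DriverStore tree, then compare.

    The DriverStore copy of tap0901.sys is deliberately altered so the report
    shows a mismatch, and oemvista.PNF (precompiled by Windows at install time,
    never shipped in the installer) shows up as not_in_reference.
    """
    with tempfile.TemporaryDirectory() as tmp:
        inst = Path(tmp, "installer", "driver")
        store = Path(tmp, "DriverStore", "oemvista.inf_amd64_constructed")
        inst.mkdir(parents=True)
        store.mkdir(parents=True)
        (inst / "OemVista.inf").write_bytes(b'[Version]\nSignature="$WINDOWS NT$"\n')
        (inst / "tap0901.sys").write_bytes(b"MZ-constructed-driver-image")
        (store / "oemvista.inf").write_bytes(b'[Version]\nSignature="$WINDOWS NT$"\n')
        (store / "tap0901.sys").write_bytes(b"MZ-constructed-driver-image-but-different")
        (store / "oemvista.PNF").write_bytes(b"precompiled inf, generated on install")
        return compare(hash_tree(inst), hash_tree(store))


if __name__ == "__main__":
    print("posted listings:", check_posted_listings())
    print("constructed trees:", check_constructed_trees())
```

Hash equality only tells you the file contents are the same as the installer's; it says nothing about how they arrived in DriverStore, which is the open question in the thread. The `not_in_reference` bucket is the one to look at first on a real box, since anything there was not shipped by the installer you are comparing against.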