[Bug 53303] New: Tycho: When Tycho tries to run a companion exe it corrupts the exe (VirusTotal check is clean)

WineHQ Bugzilla wine-bugs at winehq.org
Sun Jul 3 17:14:33 CDT 2022


https://bugs.winehq.org/show_bug.cgi?id=53303

            Bug ID: 53303
           Summary: Tycho: When Tycho tries to run a companion exe it
                    corrupts the exe (VirusTotal check is clean)
           Product: Wine
           Version: 7.12
          Hardware: x86-64
                OS: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: -unknown
          Assignee: wine-bugs at winehq.org
          Reporter: jessethecandent at gmail.com
      Distribution: ---

Created attachment 72680
  --> https://bugs.winehq.org/attachment.cgi?id=72680
sha1 hashes for files

A VirusTotal scan for the programs involved is clean along with the corrupted
programs. 

I am using the development version of wine (wine-7.12). 

Tycho uses a modified version of Find_Orb (find_o64_modified.exe) for some of
its tasks but will corrupt it when it tries to use it. If dosbox is available,
wine will run the corrupt exe in dosbox. Wine versions 5.16 and below will make
a corrupt find_o64_modified.exe.tmp instead of replacing the original exe,
which allows Tycho to properly use Find_Orb so Tycho can identify known minor
planets. However, a version of wine that old has bad OpenCL support. In a
Windows 10 VM the hash of find_o64_modified.exe does not change when Tycho uses
it. Given Find_Orb's important place in the workflow of searching for minor
planets, people would quickly notice if it got corrupted in Windows.

Corrupt exe observations:
-The corrupt exe is usually smaller than the original, even if you target
smallexe64.exe (https://github.com/katahiromz/smallexe), giving you a 3 byte
exe.
-The corrupt exe contains pieces of the original exe and stuff not in the
original exe.
-The same target exe produces the same corrupt exe but a different target exe
produces a different corrupt exe.
-Corrupting a corrupt exe does not change it.

warn+all doesn't give anything useful and a trace+all capture of the corruption
event ran my VM out of disk space.

Reproduction instructions:
Running Linux in a VM is recommended due to exe corruption. Uninstall dosbox if
you don't want to run the corrupted exe.
Go to www.tycho-tracker.com/download and download the "Tycho" (v9.2) installer
zip and the "Find_Orb [modified for Tycho]" (2021-07-20) zip file.
Extract the Tycho installer from its zip file.
In a 64-bit wine prefix run the Tycho installer.
Extract the find_orb_2021-07-20/find_o64/ directory and place the find_o64
directory in the wine drive_c directory.
Make a copy of find_o64_modified.exe and place it somewhere for future
reference.
Use wine to run Program Files/Tycho/Tycho.exe.
Click continue at the invitation to register window.
Go to the Settings dropdown menu and click on Find_Orb.
In the "Full Path to Find_Orb Modified Executable" section click browse and go
to the find_o64_modified.exe extracted previously (or put in a different file
you wish to corrupt).
Click on "Run Diagnostic Test". THIS WILL CORRUPT THE SELECTED EXE. IT WILL RUN
IF YOU HAVE DOSBOX INSTALLED!!
A successful test would look like:
[2022/07/02 16:20:20]: Ready.
[2022/07/02 16:20:22]: Beginning test...
[2022/07/02 16:20:23]: [INFO] Returned identifier=[131075], num tries=[0]
[2022/07/02 16:20:23]: [ OK ] Version [5] is a supported version.
[2022/07/02 16:20:23]: End of test.
[2022/07/02 16:20:23]: Ready.
Close Tycho and compare the find_o64_modified.exe (or other file you corrupted)
to the good copy you have.

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
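
Added example, not part of the original report and not code from Wine or Tycho: a Python helper for the final reproduction step, comparing a suspect file with the known-good copy by SHA-1, size, first differing offset, and how many fixed-size pieces of the suspect file also occur in the original. The 16-byte chunk size, the function names and the sample bytes are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

CHUNK = 16  # assumed piece size for the "pieces of the original" check

def compare_bytes(good: bytes, suspect: bytes) -> dict:
    """Summarise how `suspect` differs from the known-good copy."""
    # First offset where the files disagree; a pure truncation or extension
    # differs at the end of the shorter file. None means identical.
    first_diff = next(
        (i for i, (a, b) in enumerate(zip(good, suspect)) if a != b), None)
    if first_diff is None and len(good) != len(suspect):
        first_diff = min(len(good), len(suspect))
    # Split the suspect file into CHUNK-sized pieces and count those that
    # occur anywhere in the original (files shorter than CHUNK give 0 pieces).
    pieces = [suspect[i:i + CHUNK]
              for i in range(0, len(suspect) - CHUNK + 1, CHUNK)]
    return {
        "good_sha1": hashlib.sha1(good).hexdigest(),
        "suspect_sha1": hashlib.sha1(suspect).hexdigest(),
        "modified": good != suspect,
        "size_delta": len(suspect) - len(good),
        "first_diff_offset": first_diff,
        "pieces_total": len(pieces),
        "pieces_from_original": sum(1 for p in pieces if p in good),
    }

def compare_files(good_path: str, suspect_path: str) -> dict:
    with open(good_path, "rb") as g, open(suspect_path, "rb") as s:
        return compare_bytes(g.read(), s.read())

def sample_pair() -> tuple:
    # Constructed sample data, not the real Find_Orb binary: the "suspect"
    # keeps two runs of the original and has 32 foreign bytes in between.
    good = b"MZ" + bytes(range(256)) * 4
    suspect = good[:64] + b"\xff" * 32 + good[512:640]
    return good, suspect

def demo() -> dict:
    good, suspect = sample_pair()
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, n) for n in ("good.exe", "suspect.exe")]
        for path, data in zip(paths, (good, suspect)):
            with open(path, "wb") as f:
                f.write(data)
        return compare_files(*paths)

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

To use it on real files, call compare_files() with the reference copy made before running Tycho and the file selected in the Find_Orb settings.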
