mandiant · Ana06 · May 13, 2025 · Jan 6, 2025 · Jan 16, 2025 · Jan 16, 2025
diff --git a/packages/binaryninja.vm/binaryninja.vm.nuspec b/packages/binaryninja.vm/binaryninja.vm.nuspec
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="utf-8"?>
+<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
+  <metadata>
+    <id>binaryninja.vm</id>
+    <version>4.2.6455.20250417</version>
+    <authors>Vector 35, Inc.</authors>
+    <description>Binary Ninja is an interactive decompiler, disassembler, debugger, and binary analysis platform built by reverse engineers, for reverse engineers.</description>
+    <dependencies>
+      <dependency id="common.vm" version="0.0.0.20250509" />
+      <!-- vcbuildtools.vm installs signtool.exe needed by VM-Assert-Signature -->
+      <dependency id="vcbuildtools.vm" />
+    </dependencies>
+    <tags>Disassemblers</tags>
+  </metadata>
+</package>
diff --git a/packages/binaryninja.vm/tools/chocolateyinstall.ps1 b/packages/binaryninja.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,22 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = "binaryninja"
+$category = VM-Get-Category($MyInvocation.MyCommand.Definition)
+
+try {
+  $url = "https://cdn.binary.ninja/installers/$($toolName)_free_win64.exe"
+  $executablePath = Join-Path ${Env:ProgramFiles} "Vector35\$toolName\$toolName.exe"
+
+  VM-Install-With-Installer -toolName $toolName `
+    -category $category `
+    -fileType 'EXE' `
+    -silentArgs '/S /ALLUSERS=1' `
+    -executablePath $executablePath `
+    -url $url `
+    -consoleApp $false `
+    -verifySignature
+
+} catch {
+  VM-Write-Log-Exception $_
+}
diff --git a/packages/binaryninja.vm/tools/chocolateyuninstall.ps1 b/packages/binaryninja.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = "binaryninja"
+$category = VM-Get-Category($MyInvocation.MyCommand.Definition)
+
+VM-Uninstall-With-Uninstaller -toolName $toolName `
+    -category $category `
+    -fileType "EXE" `
+    -silentArgs "/S /ALLUSERS=1"
diff --git a/packages/common.vm/common.vm.nuspec b/packages/common.vm/common.vm.nuspec
@@ -2,7 +2,7 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
   <metadata>
     <id>common.vm</id>
-    <version>0.0.0.20250425</version>
+    <version>0.0.0.20250509</version>
     <description>Common libraries for VM-packages</description>
     <authors>Mandiant</authors>
   </metadata>

diff --git a/packages/common.vm/tools/vm.common/vm.common.psm1 b/packages/common.vm/tools/vm.common/vm.common.psm1
@@ -458,14 +458,18 @@ function VM-Install-From-Zip {
         if ($verifySignature) {
             # Check signature of all executable files individually
             Get-ChildItem -Path "$toolDir\*.exe" | ForEach-Object {
+                $file = $_
                 try {
                     # Check signature for each file
-                    VM-Assert-Signature $_.FullName
+                    VM-Assert-Signature $file.FullName
                 } catch {
-                    # Remove the file with invalid signature
-                    Write-Warning "Removing file '$($_.FullName)' due to invalid signature"
-                    Remove-Item $_.FullName -Force -ea 0 | Out-Null
                     VM-Write-Log-Exception $_
+                    if ($_.Exception.Message -like "INVALID SIGNATURE*")
+                    {
+                        # Remove the file with invalid signature
+                        VM-Write-Log "ERROR" "Removing file '$($file.FullName)' due to invalid signature"
+                        Remove-Item $file.FullName -Force -ea 0 | Out-Null
+                    }
                 }
             }
         }
@@ -738,6 +742,8 @@ function VM-Install-With-Installer {
         [Parameter(Mandatory=$false)]
         [bool] $consoleApp=$false,
         [Parameter(Mandatory=$false)]
+        [switch] $verifySignature,
+        [Parameter(Mandatory=$false)]
         [string] $arguments = "",
         [Parameter(Mandatory=$false)]
         [string] $iconLocation
@@ -753,9 +759,15 @@ function VM-Install-With-Installer {
         $packageArgs = @{
             packageName   = ${Env:ChocolateyPackageName}
             url           = $url
-            checksum      = $sha256
-            checksumType  = "sha256"
         }
+
+        # Add checksum details only if signature verification is not requested
+        if (-not $verifySignature)
+        {
+            $packageArgs.checksum     = $sha256
+            $packageArgs.checksumType = 'sha256'
+        }
+
         if ($ext -in @("zip", "7z")) {
             VM-Remove-PreviousZipPackage ${Env:chocolateyPackageFolder}
             $unzippedDir= Join-Path $toolDir "$($toolName)_installer"
@@ -781,6 +793,25 @@ function VM-Install-With-Installer {
             VM-Assert-Path $installerPath
         }
 
+        if ($verifySignature) {
+            # Check signature of all executable files individually
+            Get-ChildItem -path $toolDir -include *.msi, *.exe -recurse -File -ea 0 | ForEach-Object {
+                $file = $_
+                try {
+                    # Check signature for each file
+                    VM-Assert-Signature $file.FullName
+                } catch {
+                    VM-Write-Log-Exception $_
+                    if ($_.Exception.Message -like "INVALID SIGNATURE*")
+                    {
+                        # Remove the file with invalid signature
+                        VM-Write-Log "ERROR" "Removing file '$($file.FullName)' due to invalid signature"
+                        Remove-Item $file.FullName -Force -ea 0 | Out-Null
+                    }
+                }
+            }
+        }
+
         # Install tool via native installer
         $packageArgs = @{
             packageName   = ${Env:ChocolateyPackageName}