Exetools

Exetools (https://forum.exetools.com/index.php)
-   Source Code (https://forum.exetools.com/forumdisplay.php?f=46)
-   -   have fun with it (https://forum.exetools.com/showthread.php?t=18679)

Fyyre 02-28-2018 09:42

Have fun (free kcms...)
 
this is not source but... expires soon.

have fun with the free kernel mode signing certificate.

example usage:

Code:

"C:\Program Files (x86)\Windows Kits\8.0\bin\x64\signtool.exe" sign C17761DD3B2FCCB2AF39A7A6D888AE6E646637F1 /ac C:\Certs\thawte.cer /ph /fd SHA256 /v /tr http://sha256timestamp.ws.symantec.com/sha256/timestamp

Kerlingen 02-28-2018 20:04

This is a code signing certificate, no kernel mode signing certificate.

Code:

signtool sign /ac thawte.cer /ph /fd SHA256 /v /tr http://sha256timestamp.ws.symantec.com/sha256/timestamp driver.sys
The following certificate was selected:
    Issued to: YD Online Corp.
    Issued by: thawte SHA256 Code Signing CA
    Expires:  Tue May 15 00:59:59 2018
    SHA1 hash: C17761DD3B2FCCB2AF39A7A6D888AE6E646637F1

Cross certificate chain (using machine store):
    Issued to: Microsoft Code Verification Root
    Issued by: Microsoft Code Verification Root
    Expires:  Sat Nov 01 14:54:03 2025
    SHA1 hash: 8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3

        Issued to: thawte Primary Root CA
        Issued by: Microsoft Code Verification Root
        Expires:  Mon Feb 22 20:41:57 2021
        SHA1 hash: 5538E9FEC14030B740152349E115A1165D29074A

            Issued to: thawte SHA256 Code Signing CA
            Issued by: thawte Primary Root CA
            Expires:  Sun Dec 10 00:59:59 2023
            SHA1 hash: D00CFDBF46C98A838BC10DC4E097AE0152C461BC

                Issued to: YD Online Corp.
                Issued by: thawte SHA256 Code Signing CA
                Expires:  Tue May 15 00:59:59 2018
                SHA1 hash: C17761DD3B2FCCB2AF39A7A6D888AE6E646637F1

Done Adding Additional Store
Successfully signed: driver.sys

Number of files successfully Signed: 1
Number of warnings: 0
Number of errors: 0

Normal:
Code:

signtool verify driver.sys
Successfully verified: driver.sys

Authenticode:
Code:

signtool verify /pa driver.sys
Successfully verified: driver.sys

Kernel-mode:
Code:

signtool verify /kp driver.sys
SignTool Error: The signing certificate is not valid for the requested usage.

Test:
Code:

net start driver
System error 577 has occurred.
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


chants 03-01-2018 09:49

Code signing certificates are not so hard to obtain. But authenticode/kernel driver signing certificates require a bit of paperwork and checks.

Fyyre 03-01-2018 11:18

Odd. Loads the drivers I signed with it just fine.

Quote:

Originally Posted by Kerlingen (Post 112459)
This is a code signing certificate, no kernel mode signing certificate.
[/code]

Quote:

Originally Posted by chants (Post 112464)
Code signing certificates are not so hard to obtain. But authenticode/kernel driver signing certificates require a bit of paperwork and checks.

Is why you steal them....

devwhatsapp 03-05-2018 22:05

Certificate only available to VIP ?


All times are GMT +8. The time now is 22:20.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2019, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX