Thread: Signing a Windows Kernel driver without using Microsoft
View Single Post
  #10  
Old 01-27-2023, 23:06
Kerlingen Kerlingen is offline
VIP
  
Join Date: Feb 2011
Posts: 324
Rept. Given: 0
Rept. Rcvd 276 Times in 98 Posts
Thanks Given: 0
Thanks Rcvd at 309 Times in 96 Posts
Kerlingen Reputation: 200-299 Kerlingen Reputation: 200-299 Kerlingen Reputation: 200-299
Quote:
Originally Posted by chants View Post
There is always hacking the private key of a trusted signing authority.
No, there is not. The only trusted authority which has ever existed is Microsoft itself and all intermediate cross-certificates signed by Microsoft have expired at least two years ago.

Quote:
Originally Posted by chants View Post
Also you could crack Windows to not check, although if on EFI, might have to hack that private key as well. Or fallback to MBR.
If you don't want Windows to check driver signatures on your own computer, then you can just turn it off. Windows provides several official ways to load drivers without proper signatures, but they are all limited to your computer and will not work when trying to distribute the driver to regular Windows systems without modifications. Microsoft is not like Apple, so Windows still allows you to switch off security features.

Quote:
Originally Posted by Elisa3167 View Post
Another thing you could do... Fake the timestamp-server response.
And why would Windows trust your fake timeserver's signature? Also, as explained above, the timestamp doesn't really matter for kernel driver signatures.
Reply With Quote
The Following 3 Users Say Thank You to Kerlingen For This Useful Post:
Stingered (01-28-2023), tonyweb (01-29-2023), yoza (01-27-2023)