Exetools  

Go Back   Exetools > General > Source Code

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 02-28-2018, 09:42
Fyyre's Avatar
Fyyre Fyyre is offline
Fyyre
 
Join Date: Dec 2009
Location: 0°N 0°E / 0°N 0°E / 0; 0
Posts: 178
Rept. Given: 46
Rept. Rcvd 65 Times in 29 Posts
Thanks Given: 46
Thanks Rcvd at 198 Times in 73 Posts
Fyyre Reputation: 65
Have fun (free kcms...)

this is not source but... expires soon.

have fun with the free kernel mode signing certificate.

example usage:

Code:
"C:\Program Files (x86)\Windows Kits\8.0\bin\x64\signtool.exe" sign C17761DD3B2FCCB2AF39A7A6D888AE6E646637F1 /ac C:\Certs\thawte.cer /ph /fd SHA256 /v /tr http://sha256timestamp.ws.symantec.com/sha256/timestamp
__________________
-Fyyre

--
https://github.com/Fyyre
https://twitter.com/Fyyre

Last edited by Fyyre; 03-01-2018 at 11:20.
Reply With Quote
The Following 4 Users Say Thank You to Fyyre For This Useful Post:
bongos_man (02-28-2018), vic4key (03-04-2018), zeffy (02-28-2018)
  #2  
Old 02-28-2018, 20:04
Kerlingen Kerlingen is offline
VIP
 
Join Date: Feb 2011
Posts: 298
Rept. Given: 0
Rept. Rcvd 274 Times in 97 Posts
Thanks Given: 0
Thanks Rcvd at 250 Times in 74 Posts
Kerlingen Reputation: 200-299 Kerlingen Reputation: 200-299 Kerlingen Reputation: 200-299
This is a code signing certificate, no kernel mode signing certificate.

Code:
signtool sign /ac thawte.cer /ph /fd SHA256 /v /tr http://sha256timestamp.ws.symantec.com/sha256/timestamp driver.sys
The following certificate was selected:
    Issued to: YD Online Corp.
    Issued by: thawte SHA256 Code Signing CA
    Expires:   Tue May 15 00:59:59 2018
    SHA1 hash: C17761DD3B2FCCB2AF39A7A6D888AE6E646637F1

Cross certificate chain (using machine store):
    Issued to: Microsoft Code Verification Root
    Issued by: Microsoft Code Verification Root
    Expires:   Sat Nov 01 14:54:03 2025
    SHA1 hash: 8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3

        Issued to: thawte Primary Root CA
        Issued by: Microsoft Code Verification Root
        Expires:   Mon Feb 22 20:41:57 2021
        SHA1 hash: 5538E9FEC14030B740152349E115A1165D29074A

            Issued to: thawte SHA256 Code Signing CA
            Issued by: thawte Primary Root CA
            Expires:   Sun Dec 10 00:59:59 2023
            SHA1 hash: D00CFDBF46C98A838BC10DC4E097AE0152C461BC

                Issued to: YD Online Corp.
                Issued by: thawte SHA256 Code Signing CA
                Expires:   Tue May 15 00:59:59 2018
                SHA1 hash: C17761DD3B2FCCB2AF39A7A6D888AE6E646637F1

Done Adding Additional Store
Successfully signed: driver.sys

Number of files successfully Signed: 1
Number of warnings: 0
Number of errors: 0
Normal:
Code:
signtool verify driver.sys
Successfully verified: driver.sys
Authenticode:
Code:
signtool verify /pa driver.sys
Successfully verified: driver.sys
Kernel-mode:
Code:
signtool verify /kp driver.sys
SignTool Error: The signing certificate is not valid for the requested usage.
Test:
Code:
net start driver
System error 577 has occurred.
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Reply With Quote
The Following User Says Thank You to Kerlingen For This Useful Post:
vic4key (03-04-2018)
  #3  
Old 03-01-2018, 09:49
chants chants is offline
Family
 
Join Date: Jul 2016
Posts: 456
Rept. Given: 2
Rept. Rcvd 30 Times in 18 Posts
Thanks Given: 376
Thanks Rcvd at 726 Times in 333 Posts
chants Reputation: 30
Code signing certificates are not so hard to obtain. But authenticode/kernel driver signing certificates require a bit of paperwork and checks.
Reply With Quote
  #4  
Old 03-01-2018, 11:18
Fyyre's Avatar
Fyyre Fyyre is offline
Fyyre
 
Join Date: Dec 2009
Location: 0°N 0°E / 0°N 0°E / 0; 0
Posts: 178
Rept. Given: 46
Rept. Rcvd 65 Times in 29 Posts
Thanks Given: 46
Thanks Rcvd at 198 Times in 73 Posts
Fyyre Reputation: 65
Odd. Loads the drivers I signed with it just fine.

Quote:
Originally Posted by Kerlingen View Post
This is a code signing certificate, no kernel mode signing certificate.
[/code]
Quote:
Originally Posted by chants View Post
Code signing certificates are not so hard to obtain. But authenticode/kernel driver signing certificates require a bit of paperwork and checks.
Is why you steal them....
__________________
-Fyyre

--
https://github.com/Fyyre
https://twitter.com/Fyyre
Reply With Quote
  #5  
Old 03-05-2018, 22:05
devwhatsapp
 
Posts: n/a
Certificate only available to VIP ?
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On



All times are GMT +8. The time now is 12:19.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX