Exetools  

Go Back   Exetools > General > Source Code

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 02-28-2018, 09:42
Fyyre's Avatar
Fyyre Fyyre is offline
Fyyre
 
Join Date: Dec 2009
Location: 0°N 0°E / 0°N 0°E / 0; 0
Posts: 173
Rept. Given: 44
Rept. Rcvd 65 Times in 29 Posts
Thanks Given: 39
Thanks Rcvd at 184 Times in 71 Posts
Fyyre Reputation: 65
Have fun (free kcms...)

this is not source but... expires soon.

have fun with the free kernel mode signing certificate.

example usage:

Code:
"C:\Program Files (x86)\Windows Kits\8.0\bin\x64\signtool.exe" sign C17761DD3B2FCCB2AF39A7A6D888AE6E646637F1 /ac C:\Certs\thawte.cer /ph /fd SHA256 /v /tr http://sha256timestamp.ws.symantec.com/sha256/timestamp
__________________
-Fyyre

--
https://github.com/Fyyre
https://twitter.com/Fyyre

Last edited by Fyyre; 03-01-2018 at 11:20.
Reply With Quote
The Following 4 Users Say Thank You to Fyyre For This Useful Post:
bongos_man (02-28-2018), devwhatsapp (03-05-2018), vic4key (03-04-2018), zeffy (02-28-2018)
  #2  
Old 02-28-2018, 20:04
Kerlingen Kerlingen is offline
VIP
 
Join Date: Feb 2011
Posts: 295
Rept. Given: 0
Rept. Rcvd 274 Times in 97 Posts
Thanks Given: 0
Thanks Rcvd at 247 Times in 73 Posts
Kerlingen Reputation: 200-299 Kerlingen Reputation: 200-299 Kerlingen Reputation: 200-299
This is a code signing certificate, no kernel mode signing certificate.

Code:
signtool sign /ac thawte.cer /ph /fd SHA256 /v /tr http://sha256timestamp.ws.symantec.com/sha256/timestamp driver.sys
The following certificate was selected:
    Issued to: YD Online Corp.
    Issued by: thawte SHA256 Code Signing CA
    Expires:   Tue May 15 00:59:59 2018
    SHA1 hash: C17761DD3B2FCCB2AF39A7A6D888AE6E646637F1

Cross certificate chain (using machine store):
    Issued to: Microsoft Code Verification Root
    Issued by: Microsoft Code Verification Root
    Expires:   Sat Nov 01 14:54:03 2025
    SHA1 hash: 8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3

        Issued to: thawte Primary Root CA
        Issued by: Microsoft Code Verification Root
        Expires:   Mon Feb 22 20:41:57 2021
        SHA1 hash: 5538E9FEC14030B740152349E115A1165D29074A

            Issued to: thawte SHA256 Code Signing CA
            Issued by: thawte Primary Root CA
            Expires:   Sun Dec 10 00:59:59 2023
            SHA1 hash: D00CFDBF46C98A838BC10DC4E097AE0152C461BC

                Issued to: YD Online Corp.
                Issued by: thawte SHA256 Code Signing CA
                Expires:   Tue May 15 00:59:59 2018
                SHA1 hash: C17761DD3B2FCCB2AF39A7A6D888AE6E646637F1

Done Adding Additional Store
Successfully signed: driver.sys

Number of files successfully Signed: 1
Number of warnings: 0
Number of errors: 0
Normal:
Code:
signtool verify driver.sys
Successfully verified: driver.sys
Authenticode:
Code:
signtool verify /pa driver.sys
Successfully verified: driver.sys
Kernel-mode:
Code:
signtool verify /kp driver.sys
SignTool Error: The signing certificate is not valid for the requested usage.
Test:
Code:
net start driver
System error 577 has occurred.
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Reply With Quote
The Following User Says Thank You to Kerlingen For This Useful Post:
vic4key (03-04-2018)
  #3  
Old 03-01-2018, 09:49
chants chants is offline
Family
 
Join Date: Jul 2016
Posts: 419
Rept. Given: 0
Rept. Rcvd 25 Times in 16 Posts
Thanks Given: 331
Thanks Rcvd at 632 Times in 311 Posts
chants Reputation: 25
Code signing certificates are not so hard to obtain. But authenticode/kernel driver signing certificates require a bit of paperwork and checks.
Reply With Quote
  #4  
Old 03-01-2018, 11:18
Fyyre's Avatar
Fyyre Fyyre is offline
Fyyre
 
Join Date: Dec 2009
Location: 0°N 0°E / 0°N 0°E / 0; 0
Posts: 173
Rept. Given: 44
Rept. Rcvd 65 Times in 29 Posts
Thanks Given: 39
Thanks Rcvd at 184 Times in 71 Posts
Fyyre Reputation: 65
Odd. Loads the drivers I signed with it just fine.

Quote:
Originally Posted by Kerlingen View Post
This is a code signing certificate, no kernel mode signing certificate.
[/code]
Quote:
Originally Posted by chants View Post
Code signing certificates are not so hard to obtain. But authenticode/kernel driver signing certificates require a bit of paperwork and checks.
Is why you steal them....
__________________
-Fyyre

--
https://github.com/Fyyre
https://twitter.com/Fyyre
Reply With Quote
  #5  
Old 03-05-2018, 22:05
devwhatsapp devwhatsapp is offline
Friend
 
Join Date: Nov 2017
Posts: 8
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 5
Thanks Rcvd at 1 Time in 1 Post
devwhatsapp Reputation: 0
Certificate only available to VIP ?
Reply With Quote