https://github.com/hackerhouse-opensource/SignToolEx

Patching "signtool.exe" to accept expired certificates for code-signing.
https://github.com/hackerhouse-opensource/SignToolEx

Last synced: about 2 months ago
JSON representation

Patching "signtool.exe" to accept expired certificates for code-signing.

• Host: GitHub
• URL: https://github.com/hackerhouse-opensource/SignToolEx
• Owner: hackerhouse-opensource
• Created: 2023-12-29T14:26:45.000Z (9 months ago)
• Default Branch: main
• Last Pushed: 2023-12-29T15:08:41.000Z (9 months ago)
• Last Synced: 2024-06-12T03:36:04.335Z (3 months ago)
• Language: C++
• Size: 446 KB
• Stars: 260
• Watchers: 8
• Forks: 40
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

        
# SignToolEx

SignToolEx uses Microsoft Detours hooking library to hijack "signtool.exe" and modify

expired code-signing certificates to appear valid, allowing to codesign without changing

system clock. This allows expired (leaked) certificates to be used for code-signing but

does not permit spoofing Authenticode timestamps. Some versions of Windows (such as 10)

accept and load .sys device drivers when signed with expired certificates regardless. 

This tool is used in the same way as "signtool.exe" by simply running "SignToolEx.exe",

needs SignToolExHook.dll in the current directory and "signtool.exe" in your %PATH%.

```

C:\tools\SignToolEx>SignToolEx.exe sign /v /f nvidia0.pfx /p **redacted** /fd SHA256 c:\temp\bin.exe

The following certificate was selected:

    Issued to: NVIDIA Corporation

    Issued by: VeriSign Class 3 Code Signing 2010 CA

    Expires:   Sat Jul 26 17:59:59 3000

    SHA1 hash: 30632EA310114105969D0BDA28FDCE267104754F

Done Adding Additional Store

Successfully signed: c:\temp\bin.exe

Number of files successfully Signed: 1

Number of warnings: 0

Number of errors: 0

```

These files are available under a Attribution-NonCommercial-NoDerivatives 4.0 International license.