I tried 2015 and dll modified
726BD3D8 |. 85C0 TEST EAX,EAX
726BD3DA |. 74 05 JE SHORT 726BD3E1 ; capicom.726BD3E1
to Jmp and later to Jne
If testsigning is off I got a triangle with ! and this message:
A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
others:
Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Windows cannot verify the digital signature for this file. The signing certificate for this file has been revoked.
or code 52
Installation error
A certificate chain could not be built to a trusted root authority. |
1 Attachment(s)
I found another pfx file, also expired, but maybe not revoked.
Password in pass.txt.
Note: see the valid dates
openssl pkcs12 -info -in xxx.pfx -nodes -legacy | openssl x509 -noout -dates |
C:\Program Files\OpenSSL-Win64\bin>openssl pkcs12 -info -in cs_20151112.pfx -nodes -legacy | openssl x509 -noout -dates
pkcs12: unable to load provider legacy
Hint: use -provider-path option or OPENSSL_MODULES environment variable.
A86C0000:error:12800067:DSO support routines:win32_load:could not load the shared library:crypto\dso\dso_win32.c:108:filename(C:\Program Files\OpenSSL\lib\ossl-modules\legacy.dll)
A86C0000:error:12800067:DSO support routines:DSO_load:could not load the shared library:crypto\dso\dso_lib.c:147:
A86C0000:error:07880025:common libcrypto routines:provider_init:reason(37):crypto\provider_core.c:950:name=legacy
Could not find certificate from <stdin>
C:\Program Files\OpenSSL-Win64\bin> |
C:\1\signtool>signtool.exe sign -a -f cs1.pfx -p cs123456 -t http://timestamp.verisign.com/scripts/timstamp.dll exetools.cat
Done Adding Additional Store
SignTool Error: ISignedCode::Sign returned error: 0x80880253
The signer's certificate is not valid for signing.
SignTool Error: An error occurred while attempting to sign: Exetools.cat
Number of errors: 1
C:\Program Files\OpenSSL-Win64\bin>openssl pkcs12 -in cs1.pfx -out cs1.pem
Enter Import Password:
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
Error outputting keys and certificates
68550000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto\evp\evp_fetch.c:355:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()
C:\Program Files\OpenSSL-Win64\bin> |
How to fake timestamp?
Please guide me, because the next does not work:
2015
signtool.exe sign -a -f current_cert.pfx -p nv1d1aRules exetools.sys
signtool.exe sign -a -f current_cert.pfx -p nv1d1aRules exetools.cat
2015 or 2024
C:\1\signtool>signtool.exe timestamp /t http://timestamp.sectigo.com exetools.sys
Successfully timestamped: Exetools.sys
C:\1\signtool>signtool.exe timestamp /t http://timestamp.sectigo.com exetools.cat
Successfully timestamped: Exetools.cat
C:\1\signtool>signtool timestamp /t "http://tsa.pki.jemmylovejenny.tk/SHA1/2015-11-23T12:00:00" exetools.sys
SignTool Error: ISignedCode::Timestamp returned error: 0x80072EE7
An unknown error has occured. Please contact your vendor for assistance.
SignTool Error: An error occurred while attempting to timestamp: Exetools.sys
Number of errors: 1
C:\1\signtool> |
I could not handle the timestamp problem.
The command below just gets the valid period. So change the system time to match before signing.
openssl pkcs12 -info -in cs1.pfx -nodes -legacy | openssl x509 -noout -dates
Enter Import Password:
MAC: sha1, Iteration 2000
MAC length: 20, salt length: 20
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2000
Certificate bag
Certificate bag
Certificate bag
notBefore=Nov 22 00:00:00 2013 GMT
notAfter=Nov 22 23:59:59 2014 GMT
openssl pkcs12 -info -in cs20160224_w.pfx -nodes -legacy | openssl x509 -noout -dates
Enter Import Password:
MAC: sha1, Iteration 2000
MAC length: 20, salt length: 20
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2000
Certificate bag
Certificate bag
Certificate bag
Certificate bag
notBefore=Jul 2 01:58:35 2014 GMT
notAfter=Jul 2 01:58:35 2015 GMT
openssl pkcs12 -info -in cs_20151120.pfx -nodes -legacy | openssl x509 -noout -dates
Enter Import Password:
MAC: sha1, Iteration 2000
MAC length: 20, salt length: 20
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2000
Certificate bag
Certificate bag
Certificate bag
notBefore=Jan 7 00:00:00 2014 GMT
notAfter=Jan 7 23:59:59 2015 GMT |
That is the big problem: the fake timestamp server response site "http://tsa.pki.jemmylovejenny.tk/SHA1/2015-01-01T12:00:00" does not work anymore?
https://blog.talosintelligence.com/old-certificate-new-signature/ |
1 Attachment(s)
Only the cat file signed is enough. So how to remove the digital certificate from the sys file?
|
1 Attachment(s)
Steps:
1. Determine whether the file is 32-bit or 64-bit based on the magic number. (010B or 020B)
2. Locate the Security Directory in the PE HEADER using its RVA and size, and remove the corresponding signature content from the file. (The signature content is at the end of the file.)
3. Clear the RVA and size fields of the Security Directory.
4. Recalculate the checksum and update it.
You could handle the sys file with tools, e.g. winhex + lordpe.
I have made a python file to do this.
Attachment is the python file and the sys file (sign already removed) |
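The header fields named in the steps above can be read without changing the file, which is how a reviewer checks whether a driver still carries an embedded signature and whether its checksum field is consistent. This is an added example, not the poster's attached script; `inspect_pe`, `pe_checksum` and `build_sample` are hypothetical names, and the sample image is constructed.

```python
import struct

SECURITY_DIR = 4  # index of the Security (certificate table) data directory

def pe_checksum(data, csum_off):
    """PE checksum: folded 16-bit word sum with the CheckSum field zeroed, plus length."""
    buf = data[:csum_off] + b"\0" * 4 + data[csum_off + 4:]
    buf += b"\0" * (len(buf) % 2)
    total = 0
    for (word,) in struct.iter_unpack("<H", buf):
        total += word
        total = (total & 0xFFFF) + (total >> 16)
    return ((total & 0xFFFF) + (total >> 16) + len(data)) & 0xFFFFFFFF

def inspect_pe(data):
    """Report bitness, embedded-signature location and checksum state; modifies nothing."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    opt = pe + 24                                 # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional-header magic")
    dirs = opt + (96 if magic == 0x10B else 112)  # start of the data directories
    count = struct.unpack_from("<I", data, dirs - 4)[0]
    entry = dirs + 8 * SECURITY_DIR
    off, size = struct.unpack_from("<II", data, entry) if count > SECURITY_DIR else (0, 0)
    stored = struct.unpack_from("<I", data, opt + 64)[0]
    return {"bits": 32 if magic == 0x10B else 64, "signed": size != 0,
            "sig_offset": off, "sig_size": size,  # a raw file offset, not a mapped RVA
            "sig_at_eof": size != 0 and off + size == len(data),
            "checksum_ok": stored == pe_checksum(data, opt + 64)}

def build_sample(magic=0x20B, sig=b"\0" * 16):
    """Constructed header-only image for the demo; not a loadable driver."""
    pe, opt = 0x40, 0x40 + 24
    dirs = opt + (96 if magic == 0x10B else 112)
    hdr = bytearray(dirs + 16 * 8)
    hdr[:2], hdr[pe:pe + 4] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", hdr, 0x3C, pe)
    struct.pack_into("<H", hdr, opt, magic)
    struct.pack_into("<I", hdr, dirs - 4, 16)
    if sig:
        struct.pack_into("<II", hdr, dirs + 8 * SECURITY_DIR, len(hdr), len(sig))
    data = bytes(hdr) + sig
    csum = struct.pack("<I", pe_checksum(data, opt + 64))
    return data[:opt + 64] + csum + data[opt + 68:]
```

A driver that reports `signed: False` has no embedded Authenticode table, so any trust decision for it rests on the catalog file alone.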
1 Attachment(s)
Quote:
"http://tsa.pki.jemmylovejenny.tk" is closed.
So try "/t http://time.pika.net.cn/fake/RSA/2013-11-24T00:00:00" (use cs1.pfx)
I tested, all is ok!
Note: first install the root cer of the fake timestamp server. (in the attachment, just execute the install reg easily or install .cer to root by hand)
FYI:
https://github.com/Jemmy1228/HookSigntool
https://github.com/PIKACHUIM/FakeSign |
I have made a cmd bat file next to signtool.exe and exetools.* files:
c:
cd\
cd C:\1\signtool
date 24.11.2013
time 00:00:00,81
signtool.exe sign -a -f cs1.pfx -p cs123456 -t http://time.pika.net.cn/fake/RSA/2013-11-24T00:00:00 exetools.sys
time 00:00:00,81
signtool.exe sign -a -f cs1.pfx -p cs123456 -t http://time.pika.net.cn/fake/RSA/2013-11-24T00:00:00 exetools.cat
pause
time 00:00:00,81 UTC+8 China
or date 11.24.2013, depending on your regional setting
Signed sys and sys without digital certificate have the same hash/sha1 codes so that the .cat file sees them ok?
I know .inf should not be changed inside after creating the cat file. |
I need a new, updated inf2cat folder
C:\__inf2cat>REM Current Drive
C:\__inf2cat>set SRC_DRIVE=C:
C:\__inf2cat>REM Current Path
C:\__inf2cat>set SRC_PATH=C:\__inf2cat
C:\__inf2cat>x86\Inf2Cat.exe /driver:C:\__inf2cat\DriverForCat /os:8_X64,8_X86,Server2008R2_X64,Server2008R2_IA64,7_X64,7_X86,Server2008_X64,Server2008_IA64,Server2008_X86,Vista_X64,Vista_X86,Server2003_X64,Server2003_IA64,Server2003_X86,XP_X64,XP_X86,2000
......................
Signability test complete.
Errors:
None
Warnings:
None
Catalog generation complete.
C:\__inf2cat\DriverForCat\exetools.cat
C:\__inf2cat>x86\Inf2Cat.exe /v /os:XP_X86,Vista_X86,Vista_X64,7_X86,7_X64,8_X86,8_X64,6_3_X86,6_3_X64,10_X86,10_X64 /driver:C:\__inf2cat\DriverForCatx86
Operating systems parameter invalid.
C:\__inf2cat>x64\inf2cat /v /os:2000,XP_X86,XP_X64,Vista_X86,Vista_X64,7_X86,7_X64,8_X86,8_X64,6_3_X86,6_3_X64,10_X86,10_X64,10_AU_X86,10_AU_X64,10_RS2_X86,10_RS2_X64,10_RS3_X86,10_RS3_X64,10_RS4_X86,10_RS4_X64,10_RS5_X86,10_RS5_X64,10_19H1_X86,10_19H1_X64,10_VB_X86,10_VB_X64,10_CO_X64,10_NI_X64,Server2003_X86,Server2003_X64,Server2008_X86,Server2008_X64,Server2008R2_X64,Server8_X64,Server6_3_X64,Server10_X64,SERVER2016_X64,ServerRS5_X64 /driver:C:\__inf2cat\DriverForCatX64
Operating systems parameter invalid.
C:\__inf2cat>pause
Press any key to continue . . . |
I installed CA-ALLCERT.zip on a computer with secure boot enabled; it shows me an exclamation mark on it in Device Manager. I do know password of bios on that pc to disable Secure boot. What can I do? What did I do wrong? vip.inf cat and sys work fine but the time stamp was real, not fake.
Please somebody with a valid pfx, sign them https://easyupload.io/svpie9 and stamp both cat, too! |
There is:
https://github.com/Tylous/Limelighter but unable even to compile |
Well, any tool older than 1 year seems to be obsolete/fixed/deprecated