Signing a Windows Kernel driver without using Microsoft

[chants]

Quote:

Originally Posted by Kerlingen

No, there is not. The only trusted authority which has ever existed is Microsoft itself and all intermediate cross-certificates signed by Microsoft have expired at least two years ago.

But your earlier post said if you are signed by an old cross certificate it loads, so hacking the private key to these expired certificates should allow arbitrary driver loading.

I agree cracking the OS isn't necessary but seems a lot of research is known in that area with enough details to easily do it. But more than just driver signing policy changes is needed to justify the troublem

[user1]

Quote:

But your earlier post said if you are signed by an old cross certificate it loads, so hacking the private key to these expired certificates should allow arbitrary driver loading.

still possible. google it.

[SinaDiR]

https://github.com/Jemmy1228/HookSigntool
and
https://github.com/hzqst/FuckCertVerifyTimeValidity

[user1]

who knows how to properly dual sign a CAT file sha1 and sha256 ?

how do I get rid of that authenticated attributes 1.2.840.XXX

any working example ?

[FoxB]

ERR_PROXY_CERTIFICATE_INVALID

[user1]

Chinese tool sign good using same sign I used, my not. why? who knows used parameters to do dual signing ?