Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page Signing a Windows Kernel driver without using Microsoft
Register Forum Rules FAQ Calendar

Notices

Reply
Page 2 of 2 1 2
 
Thread Tools Display Modes
  #1  
Old 01-28-2023, 02:23
chants chants is offline
VIP
  
Join Date: Jul 2016
Posts: 826
Rept. Given: 47
Rept. Rcvd 50 Times in 31 Posts
Thanks Given: 737
Thanks Rcvd at 1,140 Times in 529 Posts
chants Reputation: 51
Quote:
Originally Posted by Kerlingen View Post
No, there is not. The only trusted authority which has ever existed is Microsoft itself and all intermediate cross-certificates signed by Microsoft have expired at least two years ago.
But your earlier post said if you are signed by an old cross certificate it loads, so hacking the private key to these expired certificates should allow arbitrary driver loading.

I agree cracking the OS isn't necessary but seems a lot of research is known in that area with enough details to easily do it. But more than just driver signing policy changes is needed to justify the troublem
Reply With Quote
  #2  
Old 01-28-2023, 16:14
user1 user1 is offline
Family
  
Join Date: Sep 2012
Location: OUT
Posts: 1,129
Rept. Given: 696
Rept. Rcvd 123 Times in 70 Posts
Thanks Given: 842
Thanks Rcvd at 637 Times in 378 Posts
user1 Reputation: 44
Quote:
But your earlier post said if you are signed by an old cross certificate it loads, so hacking the private key to these expired certificates should allow arbitrary driver loading.
still possible. google it.
Reply With Quote
  #3  
Old 02-04-2023, 05:30
SinaDiR SinaDiR is offline
Family
  
Join Date: Aug 2005
Location: Recycle Bin
Posts: 123
Rept. Given: 14
Rept. Rcvd 34 Times in 22 Posts
Thanks Given: 178
Thanks Rcvd at 227 Times in 63 Posts
SinaDiR Reputation: 34
https://github.com/Jemmy1228/HookSigntool
and
https://github.com/hzqst/FuckCertVerifyTimeValidity
__________________
UnREal RCE - Persian Crackers
Reply With Quote
The Following 3 Users Say Thank You to SinaDiR For This Useful Post:
niculaita (02-16-2023), Stingered (02-05-2023), Vosiyons (02-16-2023)
  #4  
Old 02-16-2023, 01:42
user1 user1 is offline
Family
  
Join Date: Sep 2012
Location: OUT
Posts: 1,129
Rept. Given: 696
Rept. Rcvd 123 Times in 70 Posts
Thanks Given: 842
Thanks Rcvd at 637 Times in 378 Posts
user1 Reputation: 44
Exclamation
who knows how to properly dual sign a CAT file sha1 and sha256 ?

how do I get rid of that authenticated attributes 1.2.840.XXX

any working example ?
Attached Images
File Type: jpg Capture.JPG (49.4 KB, 21 views)
File Type: jpg Capture2.JPG (17.2 KB, 16 views)
Reply With Quote
The Following User Says Thank You to user1 For This Useful Post:
niculaita (02-18-2023)
  #5  
Old 02-16-2023, 01:45
FoxB FoxB is offline
VIP
  
Join Date: Jan 2002
Location: Earth...
Posts: 1,064
Rept. Given: 15
Rept. Rcvd 139 Times in 95 Posts
Thanks Given: 23
Thanks Rcvd at 882 Times in 346 Posts
FoxB Reputation: 100-199 FoxB Reputation: 100-199
ERR_PROXY_CERTIFICATE_INVALID
Reply With Quote
  #6  
Old 02-17-2023, 22:09
user1 user1 is offline
Family
  
Join Date: Sep 2012
Location: OUT
Posts: 1,129
Rept. Given: 696
Rept. Rcvd 123 Times in 70 Posts
Thanks Given: 842
Thanks Rcvd at 637 Times in 378 Posts
user1 Reputation: 44
Chinese tool sign good using same sign I used, my not. why? who knows used parameters to do dual signing ?
Reply With Quote
The Following User Says Thank You to user1 For This Useful Post:
niculaita (02-18-2023)
Reply
Page 2 of 2 1 2

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Disable PatchGuard & Driver Signing Fyyre x64 OS 61 04-21-2025 02:12
Patching in your own kernel signing certificate tame_mpeg General Discussion 11 09-28-2024 02:11
Hades:Windows kernel driver lets reverse engineers monitor user and kernel mode code sh3dow Source Code 0 05-12-2016 03:15
Driver Signing on x64 Windows _MAX_ x64 OS 7 10-22-2012 15:47


All times are GMT +8. The time now is 20:32.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )