SignToolEx

SignToolEx uses the Microsoft Detours hooking library to hijack "signtool.exe" and modify expired code-signing certificates so that they appear valid, allowing code signing without changing the system clock. This allows expired (leaked) certificates to be used for code signing but does not permit spoofing Authenticode timestamps. Some versions of Windows (such as 10) accept and load .sys device drivers signed with expired certificates regardless.

This tool is used in the same way as "signtool.exe": simply run "SignToolEx.exe". It needs SignToolExHook.dll in the current directory and "signtool.exe" in your %PATH%.

C:\tools\SignToolEx>SignToolEx.exe sign /v /f nvidia0.pfx /p **redacted** /fd SHA256 c:\temp\bin.exe
The following certificate was selected:
    Issued to: NVIDIA Corporation
    Issued by: VeriSign Class 3 Code Signing 2010 CA
    Expires:   Sat Jul 26 17:59:59 3000
    SHA1 hash: 30632EA310114105969D0BDA28FDCE267104754F

Done Adding Additional Store
Successfully signed: c:\temp\bin.exe

Number of files successfully Signed: 1
Number of warnings: 0
Number of errors: 0
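
Because Authenticode timestamps cannot be spoofed this way, a file signed with an expired certificate and carrying no timestamp countersignature is a useful audit signal. The following PowerShell audit is an added example, not part of SignToolEx; it assumes the certificate embedded in the signed file still carries its real expiry date, and the default $ScanRoot path is a hypothetical starting point.

```powershell
# Added example (not SignToolEx code): list signed files whose signer
# certificate has expired and which carry no timestamp countersignature.
# $ScanRoot and $Include defaults are assumptions; adjust for your estate.
param(
    [string]$ScanRoot  = 'C:\Windows\System32\drivers',
    [string[]]$Include = @('*.sys', '*.exe', '*.dll')
)

$now = Get-Date

Get-ChildItem -Path $ScanRoot -Recurse -File -Include $Include -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $cert = $sig.SignerCertificate

        # No signer certificate means the file is unsigned: out of scope here.
        if ($null -eq $cert) { return }

        # Expired signer certificate, evaluated against the current time.
        $expired = $cert.NotAfter -lt $now

        # A trusted timestamp proves signing happened inside the validity
        # window; its absence is what makes the expired certificate suspicious.
        $noTimestamp = $null -eq $sig.TimeStamperCertificate

        if ($expired -and $noTimestamp) {
            [pscustomobject]@{
                Path          = $_.FullName
                Subject       = $cert.Subject
                Thumbprint    = $cert.Thumbprint
                NotAfter      = $cert.NotAfter
                Status        = $sig.Status
                StatusMessage = $sig.StatusMessage
            }
        }
    } |
    Sort-Object NotAfter |
    Format-List
```

Old but legitimate files that were never timestamped will also appear, so review hits by Subject and Thumbprint before acting on them.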

These files are available under an Attribution-NonCommercial-NoDerivatives 4.0 International license.