FakeSign
自建时间戳服务器实现伪签名驱动证书 Implementing Pseudo Signature with Self-Sign Timestamp Servers
Install / Use
/learn @PIKACHUIM/FakeSignREADME
自建时间戳服务器实现伪签名驱动证书
Drivers Signning with Self-Sign Fake Timestamp Servers
当前可用时间戳地址
- http://timers.dns.navy/
- http://timers.524228.xyz/
- http://timers.us.kg/
项目介绍 / Introduction
购买一个代码签名证书非常昂贵,而在Windows平台上,驱动签名需要EV代码签名证书才能进行WHQL认证,EV代码签名证书一年就需要几千块。作为个人开发者或者测试驱动需求,购买权威机构的EV代码签名证书是非常不划算的,同时需要公司认证,时间流程都非常麻烦。微软于2019年7月暂停了EV交叉驱动签名证书CA的签发,意味着这之后不能直接使用EV代码签名,需要WHQL认证。但在这之前签发的证书可以直接签署驱动完成认证。网上有一些泄露的EV代码签名证书,可以利用《自建时间戳服务实现伪签驱动证书》的时间戳功能完成伪造签名,让签名时间戳在泄露证书有效期内,实现驱动签名和认证。
Purchasing a code signing certificate is very expensive, and on the Windows platform, driver signing requires an EV code signing certificate for WHQL authentication, which costs several thousand yuan per year. As an individual developer or test driver, purchasing an EV code signing certificate from an authoritative organization is very uneconomical, and requires company certification, which is a very complicated time process. Microsoft suspended the issuance of EV cross drive signing certificate CA in July 2019, which means that EV code signing cannot be directly used after that and WHQL authentication is required. But certificates issued before this can be directly signed to complete authentication. There are some leaked EV code signature certificates online, which can be used to Implement Pseudo Signature Driver Certificates through Self-built Timestamp Services The timestamp function completes the forgery of signatures, allowing the signature timestamp to be within the validity period of the leaked certificate, achieving driver signature and authentication.
免责声明 / Disclaimers
本文涉及网络安全实验,阅读本文表示您已经阅读、完全理解并承诺遵守下列条款的全部内容:
This article involves network security experiments. Reading this article means that you have read, fully understood, and committed to complying with all the following terms and conditions:
<details><summary><strong><red>"Drivers Signning with Self-Sign Fake Timestamp Servers" Disclaimers - English</red></strong></summary><p><strong>Welcome to research and conduct the experiment on "Drivers Signning with Self-Sign Fake Timestamp Servers"</strong></p><p>Before using this experiment,<em><u>Please carefully read and agree to the following disclaimer license terms</u>.</em></p><p><strong>Continuing means that you agree to all the terms</strong>.<em>If you do not agree with any content of this license term,</em></p><p><em><u>Please immediately stop conducting this experiment and delete all content and its derivative data</u>.</em></p><ol start=''><li><h6 id='explanation-of-terms'>Explanation of Terms</h6><ol><li>"Experimental Content": This includes the technology (including but not limited to code, files, steps) and its derivative content provided by this website experiment.</li><li>"Violation of laws and regulations": refers to a violation of the relevant laws and regulations mentioned in this agreement and in your country or region, as well as their relevant provisions.</li><li>"Author": The provider of this experimental technology, including the creator of this document, website provider, and other assistance providers.</li><li>"User": The subject who uses the technology provided in this experiment (including but not limited to: code, files, steps) and its derivative content.</li></ol></li><li><h6 id='experimental-purpose'>Experimental Purpose</h6><ol><li>This experiment aims to provide practical learning and technical research on network security technology.</li></ol><ol start='2'><li>This experiment is only for individuals or groups to conduct non commercial technological exploration.</li></ol></li></ol><ol start='2'><li><h6 id='usage-restrictions'>Usage Restrictions</h6><ol><li>You promise that the principles of this experiment will only be used for experiments and safety technology testing and technical experiments, and will not be used in confidential or important production environments.</li><li>You are not allowed to use it for any activities that violate laws and regulations, including but not limited to criminal behavior, fraud, damage to computer information systems, etc.</li></ol></li><li><h6 id='legal-compliance'>Legal Compliance</h6><ol><li>You comply with the Cybersecurity Law of the People's Republic of China and are not allowed to use any technology on this website for illegal or criminal activities.</li><li>You shall comply with Article 286 (1) of the Criminal Law of the People's Republic of China and shall not use any technology on this website to damage the computer information system.</li><li>You shall comply with Article 32 of the Electronic Signature Law of the People's Republic of China and shall not use any technology of this website to forge, impersonate, or embezzle the electronic signature of others</li><li>You shall comply with the laws and regulations of China and other countries and regions where you are located, and shall not use any technology on this website to violate laws and regulations, or cause problems or losses to any other individual or group.</li></ol></li><li><h6 id='disclaimer'>Disclaimer</h6><ol><li>This experiment is only for technical and safety technical testing purposes and is not responsible for the user's behavior</li><li>The principles of this experiment are published on Github and can be freely accessed and used by anyone. The author is not responsible for the user behavior of the experiment.</li><li>The principle of this experiment may have technical, safety, or other issues, and users are required to bear the risk of use and take necessary safety measures to protect their own and others' interests.</li><li>The author shall not be liable for any direct or indirect losses arising from the use of the principles of this experiment, including but not limited to profit losses, data losses, business interruptions, etc.</li><li>This website reserves the right to interrupt or terminate this service at any time without prior notice to users.</li></ol></li><li><h6 id='violations'>Violations</h6><ol> <li>If you violate any of the above terms, you will fully and independently bear any legal and other responsibilities and consequences that may arise</li></ol><p> </p><p>Please carefully read and understand the above disclaimer terms before using this service.</p><p>If you agree and accept the above terms, please continue to use this experiment.</p><p>If you have any questions or need further explanation, please contact us.</p></li></ol></details> <details> <summary><strong><red>《自建时间戳服务器实现伪签名驱动证书》免责声明 - 简体中文</red></strong></summary> <p><span>欢迎您研究并进行《自建时间戳服务器实现伪签名驱动证书》实验(以下简称“本实验”)。</span></p><p><span>在使用本实验前</span><strong><span>请您仔细阅读并同意以下免责许可条款</span></strong><span>,继续则代表您同意条款全部内容。</span></p><p><span>若您不同意本许可条款的任何内容,请立即停止进行本实验,并删除所有内容及其衍数据。</span></p><ol start=""><li><h6 id="术语解释"><span>术语解释</span></h6><ol start=""><li><p><span>“实验内容”:包括本网站实验所提供的技术(包括但不限于代码、文件、步骤)及其衍生内容。</span></p></li><li><p><span>“违反法律法规”:指违反本协议所提及的和您所在国家或地区的相关法律法规,及其相关规定。</span></p></li><li><p><span>“作者”:本实验技术的提供者,包括本文档创建人,网站提供者,以及其他提供帮助的主体等。</span></p></li><li><p><span>“使用者”:使用本实验提供的技术(包括但不限于:代码、文件、步骤)及其衍生内容的主体。</span></p></li></ol><p><strong><span>本文件中的关键词“必须”、“不得”、“要求”、“应”、“不应”、“可”、“不可”、“建议”、“旨在”、“仅(供)”和“可选”</span></strong></p><p><strong><span>应按照RFC2119中的说明进行解释。</span></strong></p></li><li><h6 id="实验目的"><span>实验目的</span></h6><ol start=""><li><p><span>本实验</span><strong><span>旨在</span></strong><span>提供网络安全技术的实践学习和技术研究。</span></p></li><li><p><span>本实验</span><strong><span>仅供</span></strong><span>个人或团体进行非商业性质的技术探索。</span></p></li></ol></li><li><h6 id="使用限制"><span>使用限制</span></h6><ol start=""><li><p><span>您</span><strong><span>必须</span></strong><span>承诺本实验的原理仅用于实验和安全技术测试和技术实验,不用于需保密或者重要生产环境。</span></p></li><li><p><span>您</span><strong><span>不得</span></strong><span>用于任何违反法律法规的活动,包括但不限于犯罪行为、欺诈、破坏计算机信息系统等。</span></p></li></ol></li><li><h6 id="法律合规"><span>法律合规</span></h6><ol start=""><li><p><span>您</span><strong><span>必须</span></strong><span>遵守《中华人民共和国网络安全法》,不得使用本网站任何技术进行违法犯罪活动。</span></p></li><li><p><span>您</span><strong><span>必须</span></strong><span>遵守《中华人民共和国刑法》第286条第1款规定,不得使用本网站的任何技术破坏计算机信息系统。</span></p></li><li><p><span>您</span><strong><span>必须</span></strong><span>遵守《中华人民共和国电子签名法》第32条,不得使用本网站的任何技术伪造、冒用、盗用他人的电子签名</span></p></li><li><p><span>您</span><strong><span>必须</span></strong><span>遵守中国以及其他所在国家和地区的法律法规,不得使用本网站的任何技术违反法律法规,或者给其他任何个人、团体造成问题或者损失。</span></p></li></ol></li><li><h6 id="免责声明"><span>免责声明</span></h6><ol start=""><li><p><span>本实验</span><strong><span>仅</span></strong><span>提供技术实验和安全技术测试之用,不对使用者的行为负责</span></p></li><li><p><span>本实验的原理发布在Github上,任何人均可自由获取和使用,作者不对实验的使用者行为负责。</span></p></li><li><p><span>本实验的原理</span><strong><span>可能</span></strong><span>存在技术问题、安全问题或其他问题,使用者需自行承担使用风险,并采取必要的安全措施保护自身和他人的利益。</span></p></li><li><p><span>作者对于使用本实验的原理所产生的任何直接或间接损失,包括但不限于利润损失、数据损失、业务中断等,不承担责任。</span></p></li><li><p><span>本网站保留在任何时候中断或终止本服务的权利,而无需提前通知使用者。</span></p></li></ol></li><li><h6 id="违规情形"><span>违规情形</span></h6><p><strong><span>您如果违反上述条款的任何内容,您将完全独立承担带来的任何法律以及其他责任和后果。</span></strong></p></li></ol><p><span>请您在使用本服务前认真阅读并理解上述免责许可条款。若您同意并接受上述条款,请继续使用本实验。</span></p><p><span>如有任何疑问或需要进一步解释,请联系我们。</span></p> </details>
简易使用 / Quick Usage
简易使用方法 / Easy Way to Sign Drivers
-
下载时间证书信任工具:数字证书安装工具,双击EXE,根据安装流程信任证书文件
(Download Time Certificate Trust Tool: Digital Certificate Installation Tool)
如果需要静默安装,则应该运行(If silent installation is required, it should be run):
PikachuTestCert.exe /VERYSILENT # 隐藏任何安装窗口和提示(需要管理员权限) PikachuTestCert.exe /SILENT # 隐藏安装确认但显示进度(需要管理员权限) -
安装泄露驱动签名证书:我不提供任何证书
