1

Topic: Change of a file with the sign-code signature, without loss of this #2

In a signed EXE it is necessary to add an 8 bit unique ID so that the signature does not fly off. (The ID is necessary for the subsequent tracing of traffic sources.) Made it so:

    private function fileWriteAff($fn, $affname) {
        $fd = file_get_contents($fn);
        // 20-30 bytes offset for IMAGE_DOS_HEADER.e_res2[10] field
        $k = 20;
        for ($i = 0; $i < strlen($affname); $i++) {
            $fd[$k] = $affname[$i];
            $k++;
        }
        file_put_contents($fn, $fd);
    }

Now we write this ID in the e_res2 field of the IMAGE_DOS_HEADER structure. Judging by the docs, the field is reserved and not used, hence we can use it. As a result the signature flew off. Please suggest a solution to the problem.

2

Re: Change of a file with the sign-code signature, without loss of this #2

The answer - it is impossible. It is for this purpose that sign-code signatures and cryptography were invented. That  did not change)

3

Re: Change of a file with the sign-code signature, without loss of this #2

Hello, alexdpp, you wrote:

A> The answer - it is impossible.
A> It is for this purpose that sign-code signatures and cryptography were invented. That  did not change)

On the other hand, an executable file can apparently have several signatures (for example, with different digest algorithms, for compatibility with different ). And that means a second signature can be added to an already signed file. So it should be possible to add something else to it as well.

4

Re: Change of a file with the sign-code signature, without loss of this #2

Hello, AntonVinnik, you wrote:

AV> In a signed EXE it is necessary to add an 8 bit unique ID so that the signature does not fly off.
AV> (The ID is necessary for the subsequent tracing of traffic sources.)

Didn't Falko tell, right there in topic #1, how he does it?

5

Re: Change of a file with the sign-code signature, without loss of this #2

Hello, Pzz, you wrote:

Pzz> On the other hand, an executable file can apparently have several signatures (for example, with different digest algorithms, for compatibility with different ). And that means a second signature can be added to an already signed file. So it should be possible to add something else to it as well.

Can  the second signature and add? Instead of ID  to steam and . Interesting, how does Windows treat a second signature that is not trusted?

6

Re: Change of a file with the sign-code signature, without loss of this #2

Hello, NWP, you wrote:

NWP> Didn't Falko tell, right there in topic #1, how he does it?

Ugu, drVano (the author of VMProtect), who is also present here, explained something to him there. I think it makes sense  drVano on this subject; he is, after all, an expert in these questions.

7

Re: Change of a file with the sign-code signature, without loss of this #2

Hello, Carc, you wrote:

C> Ugu, drVano (the author of VMProtect), who is also present here, explained something to him there. I think it makes sense  drVano on this subject; he is, after all, an expert in these questions.

PS: here is the discussion branch (Author: falcoware, Date: 21.12 14:25), and here is a comment about the DOS header from drVano (Author: drVan, Date: 21.12 15:04)

8

Re: Change of a file with the sign-code signature, without loss of this #2

https://blog.barthe.ph/2009/02/22/chang … xecutable/

9

Re: Change of a file with the sign-code signature, without loss of this #2

Hello, Carc, you wrote:

NWP>> Didn't Falko tell, right there in topic #1, how he does it?
C> Ugu, drVano (the author of VMProtect), who is also present here, explained something to him there. I think it makes sense  drVano on this subject; he is, after all, an expert in these questions.

I explained specifically  where he can write the partner ID before applying the digital signature, since, as far as I understood his problem, he wrote the partner ID to the end of the file, and after signtool he could no longer find the previously written ID. THIS DOES NOT CONCERN "faking" the signature IN ANY WAY!

10

Re: Change of a file with the sign-code signature, without loss of this #2

Hello, AntonVinnik, you wrote:

AV> In a signed EXE it is necessary to add an 8 bit unique ID so that the signature does not fly off.
AV> (The ID is necessary for the subsequent tracing of traffic sources.)
AV> Now we write this ID in the e_res2 field of the IMAGE_DOS_HEADER structure. Judging by the docs, the field is reserved and not used, hence we can use it.
AV> As a result the signature flew off. Please suggest a solution to the problem.

This may be the most stupid suggestion, but why not simply look at the signature time?

11

Re: Change of a file with the sign-code signature, without loss of this #2

AV> In a signed EXE it is necessary to add an 8 bit unique ID so that the signature does not fly off.
AV> (The ID is necessary for the subsequent tracing of traffic sources.)

It is possible to add a suffix to the file name.

12

Re: Change of a file with the sign-code signature, without loss of this #2

Hello, AntonVinnik, you wrote:

AV> In a signed EXE it is necessary to add an 8 bit unique ID so that the signature does not fly off.
AV> (The ID is necessary for the subsequent tracing of traffic sources.)

And is it necessary to add it directly in the file? To make  file name - not an option?

13

Re: Change of a file with the sign-code signature, without loss of this #2

Hello, salnicoff, you wrote:

Falko wrote in the previous branch on this subject that if bytes are added to the file tail, the sign-code signature is not broken.

14

Re: Change of a file with the sign-code signature, without loss of this #2

Hello, Matrix_Failure, you wrote:

M_F> Falko wrote in the previous branch on this subject that if bytes are added to the file tail, the sign-code signature is not broken.

And in vain. Added  at the file end - its MD5 changed, and all antiviruses owe this file .

15

Re: Change of a file with the sign-code signature, without loss of this #2

Hello, salnicoff, you wrote:

S> And in vain. Added  at the file end - its MD5 changed, and all antiviruses owe this file .

This is not about the MD5 of the whole file, which clearly changes, but about Authenticode code signing.

16

Re: Change of a file with the sign-code signature, without loss of this #2

Hello, Matrix_Failure, you wrote:

S>> And in vain. Added  at the file end - its MD5 changed, and all antiviruses owe this file .
M_F> This is not about the MD5 of the whole file, which clearly changes, but about Authenticode code signing.

All those SmartScreens look first of all at the MD5 - what reputation a specific  has. It turns out that the reputation has to be earned anew each time.
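
Why the write in the first post invalidates the signature, and why posts 15 and 16 separate the whole-file MD5 from the Authenticode digest, shown as an added Python example (not code from any poster in this thread): the digest skips only the CheckSum field, the security directory entry and the certificate table, so every DOS header byte, including offset 20 and e_res2 at 0x28, is signed. The function names and the sample image are constructed for illustration, and the digest is simplified to a single pass in file order, which assumes the sections are laid out without gaps.

```python
import hashlib
import struct

def excluded_ranges(pe):
    """Byte ranges [(start, end)] that the Authenticode digest skips."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    opt = e_lfanew + 24                  # optional header follows the COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic not in (0x10B, 0x20B):      # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    checksum = opt + 64                  # OptionalHeader.CheckSum
    sec_dir = opt + (96 if magic == 0x10B else 112) + 4 * 8  # security directory entry
    cert_off, cert_size = struct.unpack_from("<II", pe, sec_dir)
    ranges = [(checksum, checksum + 4), (sec_dir, sec_dir + 8)]
    if cert_size:
        ranges.append((cert_off, cert_off + cert_size))  # the signature blob itself
    return sorted(ranges)

def is_covered(pe, offset):
    """True if changing the byte at `offset` changes the signed digest."""
    return not any(start <= offset < end for start, end in excluded_ranges(pe))

def signed_digest(pe, algo="sha256"):
    """Digest over every byte outside the excluded ranges, in file order."""
    h, pos = hashlib.new(algo), 0
    for start, end in excluded_ranges(pe):
        h.update(pe[pos:start])
        pos = max(pos, end)
    h.update(pe[pos:])
    return h.hexdigest()

def build_sample():
    """Constructed sample: bare PE32 headers plus a dummy 16-byte certificate table."""
    img = bytearray(0x200)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)         # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", img, 0x98, 0x10B)        # PE32 magic
    struct.pack_into("<II", img, 0x118, 0x200, 16)  # security dir: offset, size
    return bytes(img) + bytes(16)

def flip(pe, offset):
    """Copy of `pe` with the byte at `offset` inverted (simulates a one-byte edit)."""
    return pe[:offset] + bytes([pe[offset] ^ 0xFF]) + pe[offset + 1:]
```

Comparing `signed_digest(flip(pe, 20))` with `signed_digest(pe)` on the constructed sample shows the digest changing for a DOS header edit, while the whole-file MD5 changes for an edit at any offset.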