Objective: Remove the digital signature from a Microsoft Windows DLL or EXE file.
To manipulate (delete, copy, extract, add or inject) embedded digital signatures found on Windows DLL or EXE files, we can use a small Python utility called Disitool.
To use this tool, obviously, you will need the Python interpreter installed on your computer. I have Python installed as part of Cygwin. The tool also requires the pefile Python module to be installed.
Either install the standalone Python binary or the Cygwin based Python. This article will only touch on Cygwin Python. I tested using Python 2.7 on Cygwin. Then download the latest pefile Python module in zip format and install the module. On Cygwin, install the module using the following syntax.
|
1 2 3 |
$ unzip pefile-1.2.10-139.zip $ cd cd pefile-1.2.10-139/ $ python setup.py install |
Next, download and extract Disitool. You will get a Python script.
|
1 |
$ unzip disitool_v0_3.zip |
Now, locate the DLL or EXE file that you want to remove the digital signature from. Copy the DLL/EXE file to the same folder where you extracted the Disitool Python script.
To remove the digital signature from a file, use the following syntax. In this example, we are removing the digital signature from a file called “dsTMService.dll“. The unsigned file will be named “dsTMService-unsigned.dll“.
|
1 2 |
$ cd /path/to/where/disitool/is/located $ ./disitool.py delete dsTMService.dll dsTMService-unsigned.dll |
The output file, “dsTMService-unsigned.dll” will no longer have any digital signature. You can verify this by checking the file properties.
Mohamed Ibrahim
ibrahim = { interested_in(unix, linux, android, open_source, reverse_engineering); coding(c, shell, php, python, java, javascript, nodejs, react); plays_on(xbox, ps4); linux_desktop_user(true); }
