delcert - Sign strip tool

---

Hi,

here is a small tool that strips (removes) digital sign (Authenticode) from PE executable files like *.exe, *.dll, *.mui, etc. On error HRESULT is returned, i.e. 0x00000005 means that file is readonly.

Code:

C:\[snip]>delcert.exe OEM\OEMOpera\OperaWM.exe

Target file(s): OEM\OEMOpera\OperaWM.exe

Stripping file: C:\[snip]\OEM\OEMOpera\OperaWM.exe.
Succeeded.

C:\[snip]>delcert.exe OEM\OEM_Lang_0409\*.mui

Target file(s): OEM_Lang_0409\*.mui

Stripping file: C:\[snip]\OEM\OEM_Lang_0409\aboutprop.dll.0409.mui.
Succeeded.

Stripping file: C:\[snip]\OEM\OEM_Lang_0409\BKLBrightness.dll.0409.mui.
Succeeded.

Source is included. You may need to install Visual Studio 2008 C++ Runtime before running.

I can't believe no one posted thanks for this :P I just used it recently and it worked a charm! So, thanks! Appreciate your work.

Quote:

Originally Posted by deepred

Hi,

here is a small tool that strips (removes) digital sign (Authenticode) from PE executable files like *.exe, *.dll, *.mui, etc. On error HRESULT is returned, i.e. 0x00000005 means that file is readonly.

Code:

C:\[snip]>delcert.exe OEM\OEMOpera\OperaWM.exe

Target file(s): OEM\OEMOpera\OperaWM.exe

Stripping file: C:\[snip]\OEM\OEMOpera\OperaWM.exe.
Succeeded.

C:\[snip]>delcert.exe OEM\OEM_Lang_0409\*.mui

Target file(s): OEM_Lang_0409\*.mui

Stripping file: C:\[snip]\OEM\OEM_Lang_0409\aboutprop.dll.0409.mui.
Succeeded.

Stripping file: C:\[snip]\OEM\OEM_Lang_0409\BKLBrightness.dll.0409.mui.
Succeeded.

Source is included. You may need to install Visual Studio 2008 C++ Runtime before running.

Thanks for this...it fixed and issue I had when trying to remove a cert with another tool.

This sounds really interesting, however I was wondering what it can be used for? the certificates usully just provide authentication. Can this be used to bypass protection methods, or what are some real world examples of usage?

You're right, authenticode provides input data for Windows Mobile (originally Windows CE) policy mechanism which decides then if it is allowed to run the file or not. I used it to strip authenticode from OEM files taken from HTC devices before signing them with my own certificate (I usually sign files in my cooked ROMs). I.e. if file is already signed you can't sign it with another certificate until old one is removed.
Due to the fact that certificates are asymmetric you can sign files only with private certificates. That's why I use my own certificates.
To bypass the protection you need to get some how the private part and sign you file with it. Or you can just disable the security policy that enforces file origin check.

Thanks a lot for your work! Your neat little tool is just what I was looking for to be able to sign a Flash projector with my own certificate.

Thanks

---

Works beautifully when other tools didn't.

Works beautifully when other tools didn't ! Is Right !

---

Works beautifully when other tools didn't ! Is Right !

Worked Great Thanks - Just What I was Looking For !!!!!