delcert - Sign strip tool

Search This thread
By:
Advanced…
D

deepred

Member
Jan 19, 2006
7
16
Hi,

here is a small tool that strips (removes) digital sign (Authenticode) from PE executable files like *.exe, *.dll, *.mui, etc. On error HRESULT is returned, i.e. 0x00000005 means that file is readonly.
Code: 
C:\[snip]>delcert.exe OEM\OEMOpera\OperaWM.exe

Target file(s): OEM\OEMOpera\OperaWM.exe

Stripping file: C:\[snip]\OEM\OEMOpera\OperaWM.exe.
Succeeded.

C:\[snip]>delcert.exe OEM\OEM_Lang_0409\*.mui

Target file(s): OEM_Lang_0409\*.mui

Stripping file: C:\[snip]\OEM\OEM_Lang_0409\aboutprop.dll.0409.mui.
Succeeded.

Stripping file: C:\[snip]\OEM\OEM_Lang_0409\BKLBrightness.dll.0409.mui.
Succeeded.
Source is included. You may need to install Visual Studio 2008 C++ Runtime before running.
 

Attachments

  • delcert.zip
    10.2 KB · Views: 23,253
  • Like
Reactions: mat23452345, dumbasPL, Deleted member 4989510 and 13 others
cmylxgo

cmylxgo

Senior Member
Feb 13, 2007
1,680
2,033
deepred said:
Hi,

here is a small tool that strips (removes) digital sign (Authenticode) from PE executable files like *.exe, *.dll, *.mui, etc. On error HRESULT is returned, i.e. 0x00000005 means that file is readonly.
Code: 
C:\[snip]>delcert.exe OEM\OEMOpera\OperaWM.exe

Target file(s): OEM\OEMOpera\OperaWM.exe

Stripping file: C:\[snip]\OEM\OEMOpera\OperaWM.exe.
Succeeded.

C:\[snip]>delcert.exe OEM\OEM_Lang_0409\*.mui

Target file(s): OEM_Lang_0409\*.mui

Stripping file: C:\[snip]\OEM\OEM_Lang_0409\aboutprop.dll.0409.mui.
Succeeded.

Stripping file: C:\[snip]\OEM\OEM_Lang_0409\BKLBrightness.dll.0409.mui.
Succeeded.
Source is included. You may need to install Visual Studio 2008 C++ Runtime before running.
Click to expand...
Click to collapse

Thanks for this...it fixed and issue I had when trying to remove a cert with another tool.
 
C

chetstriker

Senior Member
Mar 9, 2008
561
86
Brattleboro, VT
www.unfairware.com
This sounds really interesting, however I was wondering what it can be used for? the certificates usully just provide authentication. Can this be used to bypass protection methods, or what are some real world examples of usage?
 
D

deepred

Member
Jan 19, 2006
7
16
You're right, authenticode provides input data for Windows Mobile (originally Windows CE) policy mechanism which decides then if it is allowed to run the file or not. I used it to strip authenticode from OEM files taken from HTC devices before signing them with my own certificate (I usually sign files in my cooked ROMs). I.e. if file is already signed you can't sign it with another certificate until old one is removed.
Due to the fact that certificates are asymmetric you can sign files only with private certificates. That's why I use my own certificates.
To bypass the protection you need to get some how the private part and sign you file with it. Or you can just disable the security policy that enforces file origin check.
 
U

ute_arbeit

New member
Oct 22, 2010
1
0
Thanks a lot for your work! Your neat little tool is just what I was looking for to be able to sign a Flash projector with my own certificate.
 
WarlockW

WarlockW

Senior Member
Dec 30, 2007
1,249
658
Minnesota
Works beautifully when other tools didn't ! Is Right !

Works beautifully when other tools didn't ! Is Right !

Worked Great Thanks - Just What I was Looking For !!!!!

:D :D :D :D :D
 
T

TheGeekyGuy101

New member
Jul 14, 2014
1
0
Still working in Windows 8.1

Still working in Windows 8.1 :D
It's great because I can remove the cert from bit torrent and any other group policy blocked programs on my school laptop
 
H

Hydranix

Member
Jun 27, 2013
9
9
Do you have any license requirements on your source or is it safe to assume this is public domain?
 
Phurkus

Phurkus

Senior Member
Feb 18, 2015
288
28
Thanks OP. Appriciste for your share :)

Sent from my DROID RAZR M using XDA Free mobile app
 
T

Tropple

New member
May 20, 2016
1
0
Useful for software publishers

We're using the delcert tool to avoid warnings with expired certificates. Our sign tool doesn't like exe files that already have a valid, but expired signature.
 
You must log in or register to reply here.

Similar threads

A_C
  • Locked
(16 December 2008) S2U2 v1.37 - freeware
Replies
4K
Views
2M
A_C
A_C
Shaun33
  • Locked
[DEAD AND BURRIED] WM6 SIP Config Tool - [V2.0.1 Out Now]
Replies
145
Views
250K
H
HDuser
A_C
  • Locked
[Development STOPPED] Slide 2 UnLock v1.219 (updated on 17 September)
Replies
2K
Views
721K
l3v5y
l3v5y
djboo
  • Locked
  • Poll
Project: Manila 3d porting - STILL IN DEVELOPMENT READ FIRST POST
Replies
1K
Views
510K
GSLEON3
GSLEON3
schaps
Advanced Configuration Tool 2.1 with extensible tweaks - Open to contributors
Replies
132
Views
145K
J
jeeves5454

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 16
    D
    deepred
    Hi,

    here is a small tool that strips (removes) digital sign (Authenticode) from PE executable files like *.exe, *.dll, *.mui, etc. On error HRESULT is returned, i.e. 0x00000005 means that file is readonly.
    Code: 
    C:\[snip]>delcert.exe OEM\OEMOpera\OperaWM.exe

Target file(s): OEM\OEMOpera\OperaWM.exe

Stripping file: C:\[snip]\OEM\OEMOpera\OperaWM.exe.
Succeeded.

C:\[snip]>delcert.exe OEM\OEM_Lang_0409\*.mui

Target file(s): OEM_Lang_0409\*.mui

Stripping file: C:\[snip]\OEM\OEM_Lang_0409\aboutprop.dll.0409.mui.
Succeeded.

Stripping file: C:\[snip]\OEM\OEM_Lang_0409\BKLBrightness.dll.0409.mui.
Succeeded.
    Source is included. You may need to install Visual Studio 2008 C++ Runtime before running.
    View

New posts