Mr. P and Q has solved my Authenticode Challenge. You can download his solution here, I copied his howto here below. I’ll add my own details in an upcoming post, but in the meantime, be sure to do a web search for the modulus.
What you need: An internet connection A windows system A CPP compiler OpenSSL installed Step 1: Export the certificate used by Didier from ac.exe to didier.cer Select AC.EXE, Right click properties, Digital Signatures tab, "Details button", "View Certificate" button,Details tab, "Copy to File" button, select the "DER encoded binary X.509(.CER)" option and export to didier.exe Step 2: Use OpenSSL to extract the modulus of the certificate used OpenSSL>x509 -modulus -inform DER -in didier.cer Step 3: Use OpenSSL to convert didier's certificate in PEM format (for later use) OpenSSL>x509 -inform DER -in didier.cer -outform PEM -out didier.pem Step 4: Copy the modulus extracted in step2 into FindPQ.cpp, build the application, execute and (wait ... wait ... wait ...) ^1000 or download http://www.boo.net/~jasonp/msieve.exe. Start msieve msieve -v -n 0xD0EA1ABA978DF0065B2009F75C846F28B04ED5143B237B3FC24272245ADE837EFE0271E1A2854E0C81BA9F70A83AD86D47B0EACD062BC15BC61A99DC83124EC9 and (wait ... wait ... wait ...)^100 until it finally displays: prp78 factor: 102639592829741105772054196573991675900716567808038066803341933521790711307779 prp78 factor: 106603488380168454820927220360012878679207958575989291522270608237193062808643 Step 5: Create a 'real' RSA key so we can re-sign the modified ac.exe (remember the first part of this challenge) Copy the two factors found(step 4) into CreatePEM.cpp, build the application and excute. The application will produce newkey.pem Step 6: Use OpenSSL to combine newkey.pem and didier.pem (step3) into a PKCS12 keyfile (you will need to provide a password of your choice) OpenSSL>pkcs12 -export -in didier.pem -inkey newkey.pem -out magic.p12 Step 7: Import magic.p12 into your Windows system Simply double click magic.p12 select all the default options specify the password you defined in Step 6 when asked. Step 8: Download signcode https://www.thawte.com/dynamic/en/images/support/inetSDk5.zip unzip Step 9 Start signcode, select the modified ac.exe, select the "Didier" key and you're done ... Good luck Mister P and Q.
Didier Stevens 
[…] à l’excellente solution de messieurs P & Q au challenge Authenticode de Didier Stevens, ça a été très […]
Pingback by Nibbles microblog » Write-up Codegate 2010 – Déchiffrer un https utilisant RSA-768bits — Monday 15 March 2010 @ 17:37