Disitool is a small Python program to manipulate embedded digital signatures.
- delete a signature: disitool.py delete signed-file unsigned-file
- copy a signature: disitool.py copy signed-source-file unsigned-file signed-file
- extract a signature: disitool.py extract signed-file signature
- add a signature: disitool.py add signature unsigned-file signed-file
- inject data after the authenticode signature: disitool.py inject [--paddata] signed-source-file data-file signed-destination-file
It is not a tool to digitally sign executables; use signtool for this. When you add or copy a signature from one file to another file, the signature will not be valid, because it was computed over the contents of the original file.
disitool uses pefile, which you’ll need to install first. This new version (V0.2) will update the PE header checksum.
Download:
MD5: 08D1CA036DC905D8E42AB3016A1B7821
SHA256: AEF923F49E53C7C2194058F34A73B293D21448DEB7E2112819FC1B3B450347B8
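The inject command places data after the Authenticode signature, in a region the Authenticode hash does not cover, so a defender may want to check signed files for it. The following is an added example, not part of disitool or the original post: it walks the PE certificate table with only the standard library and reports entries that hold bytes beyond the DER-encoded signature. It assumes the extra bytes sit inside a WIN_CERTIFICATE entry; the function names and `make_sample` (a constructed, skeletal test file) are hypothetical.

```python
import struct

def cert_table(pe: bytes):
    """Return (file_offset, size) of the PE certificate table, or None if absent."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    opt = e_lfanew + 24                              # optional header follows COFF header
    dirs = opt + {0x10B: 96, 0x20B: 112}[struct.unpack_from("<H", pe, opt)[0]]
    off, size = struct.unpack_from("<II", pe, dirs + 4 * 8)  # entry 4: file offset, not RVA
    return (off, size) if off and size else None

def der_total_len(buf: bytes) -> int:
    """Header + content length of the DER SEQUENCE at the start of buf."""
    if len(buf) < 2 or buf[0] != 0x30:
        raise ValueError("certificate blob does not start with a DER SEQUENCE")
    if buf[1] < 0x80:                                # short form
        return 2 + buf[1]
    n = buf[1] & 0x7F                                # long form: n length bytes
    return 2 + n + int.from_bytes(buf[2:2 + n], "big")

def trailing_data(pe: bytes):
    """Return [(entry_offset, extra_len)] for entries with data after the signature."""
    table = cert_table(pe)
    if table is None:
        return []
    findings, pos, end = [], table[0], table[0] + table[1]
    while pos + 8 <= end:
        dw_length, _revision, cert_type = struct.unpack_from("<IHH", pe, pos)
        if dw_length < 8:
            break                                    # malformed entry, stop walking
        if cert_type == 2:                           # WIN_CERT_TYPE_PKCS_SIGNED_DATA
            blob = pe[pos + 8:pos + dw_length]
            extra = blob[der_total_len(blob):]
            if len(extra) > 7 or extra.strip(b"\0"): # more than 8-byte alignment padding
                findings.append((pos, len(extra)))
        pos += (dw_length + 7) & ~7                  # entries are 8-byte aligned
    return findings

def make_sample(extra: bytes = b"") -> bytes:
    """Constructed input: skeletal PE32 header plus one fake (all-zero) PKCS#7 entry."""
    der = b"\x30\x82\x01\x00" + bytes(256)
    entry = struct.pack("<IHH", 8 + len(der) + len(extra), 0x0200, 2) + der + extra
    hdr = bytearray(0x200)
    hdr[0:2], hdr[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", hdr, 0x3C, 0x40)          # e_lfanew
    struct.pack_into("<H", hdr, 0x58, 0x10B)         # PE32 magic
    struct.pack_into("<II", hdr, 0xD8, 0x200, len(entry))  # security directory
    return bytes(hdr) + entry
```

On a real file, read the bytes with `open(path, "rb").read()` and pass them to `trailing_data`; an empty list means every entry ends at its DER blob plus at most alignment padding.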
[...] latest version of pefile has extra methods to handle the checksum of the PE header. My new disitool version uses these methods to correct the checksum when the signature is changed by [...]
Pingback by Update: Disitool V0.2 « Didier Stevens — Tuesday 15 April 2008 @ 8:25
[...] add data to a signed executable without invalidating the Authenticode signature. I updated my Digital signature tool, but I realize now I had only announced the update on Twitter, not on my [...]
Pingback by Update: Disitool V0.3 « Didier Stevens — Sunday 7 June 2009 @ 23:16
Do you have any suggestions for how to troubleshoot this tool or enable debugging in Python? I was able to get disitool.py functional for a short time but now it seems to execute but does not create the destination unsigned executable. Unfortunately I am not familiar with Python & PEfile, but I believe I have it installed correctly.
Thanks!
Comment by Chris — Thursday 15 April 2010 @ 13:09
Forget it, I figured it out. It would be nice if it could optionally provide some output if the process was successful.
Comment by Chris — Thursday 15 April 2010 @ 14:57
With Python 2.6.5, the latest version of pefile and 0.3 of disitool the signature is properly removed from my executables in both Windows 64 64bit and XP 32bit environments. However, it also appears to significantly truncate the executable such that a 10,311kb file is reduced to an 808kb file. I have tried several different instances of this executable and the issue occurs with all instances on all OSes (XP & Windows 7). Any idea how to troubleshoot this issue?
Thanks
Comment by Chris — Thursday 15 April 2010 @ 16:20
@Chris Could I get a copy of your executable to test?
Comment by Didier Stevens — Monday 26 April 2010 @ 9:09
Hello,
Is it possible to use Disitool to delete a digital signature from an msi file?
Comment by Ambrozy — Saturday 22 May 2010 @ 23:31
@Ambrozy Disitool works on PE files, .msi files use another format. The .msi file format can be compared to a database format, I would guess that if you find a .msi file editor, you could delete the signature.
Comment by Didier Stevens — Monday 24 May 2010 @ 8:04
Hello Didier,
Can your tool be used to make a Java .jar file be digested with another RSA-SHA1 output? I mean, I have no access to the original .jar, but I have a .jad that comes with MIDlet-Certificate-1-1 and MIDlet-Jar-RSA-SHA1, and I have my own .jar that needs to have the same MIDlet-Jar-RSA-SHA1 to be authenticated with that certificate.
The problem is that I am in a secured environment that needs signed applications only, but I cannot sign them.
Comment by Ricardo Schmidt — Monday 7 February 2011 @ 14:50
@Ricardo No, my tool is for AuthentiCode signed PE files only.
Comment by Didier Stevens — Monday 7 February 2011 @ 15:29
Hi, I am new to Python and am unsure as to where to place the exe file I am working on and the syntax used to recreate the exe without the digital signature. Could you advise?
Many Thanks
Andy
Comment by Andrew Eustance — Friday 16 December 2011 @ 9:23
@Andrew Did you get to run the program? Go to the command line and type disitool.py. What output do you get?
Comment by Didier Stevens — Friday 16 December 2011 @ 9:37
Hi,
the response I got back was
Traceback (most recent call last):
File “”, line 1, in
disitool.py
NameError: name ‘disitool’ is not defined
I am running the software on a Windows 7 32 bit laptop, Python v2.7.2 has been installed and the ‘pefile’ module was loaded in the GUI from the file menu. Then the Disitool module was loaded and run in the same manner. All the files have been added to the C:\Python27\Lib folder.
Andy
Comment by Andrew Eustance — Friday 16 December 2011 @ 9:47
@Andrew Did you run that from cmd.exe? Start cmd.exe from the start menu, CD to the directory where you downloaded disitool.py, and type disitool.py.
Comment by Didier Stevens — Friday 16 December 2011 @ 9:50
Hi,
I have placed the disitool.py file on C:, ran the command disitool.py from the command prompt with the disitool.py usage command options and a list of commands that can be run follows.
Andy
Comment by Andrew Eustance — Friday 16 December 2011 @ 9:54
@Andrew OK, so the program executes correctly. Say you want to remove the digital signature from c:\test.exe. Then you issue this command: disitool.py delete test.exe test2.exe
File test.exe will remain untouched, and test2.exe is a new file without the signature.
Comment by Didier Stevens — Friday 16 December 2011 @ 9:58
Hi,
I ran the command and it came back with the following error
pefile.PEFormatError: ‘Unable to read the DOS Header, possibly a truncated file.
Can you advise?
Andy
Comment by Andrew Eustance — Friday 16 December 2011 @ 10:05
@Andrew That means that your test.exe is not a valid executable, pefile can’t read the header. You’ll need to obtain a valid copy.
Comment by Didier Stevens — Friday 16 December 2011 @ 10:08
I don’t have any idea about Python programs… I need to remove a digital signature from an exe file… please help me how to use Disitool and will it serve my purpose?
Comment by Anonymous — Friday 10 May 2013 @ 7:46
@Anonymous I can’t tell you if you don’t explain what your purpose is.
Comment by Didier Stevens — Friday 10 May 2013 @ 22:52