Disitool is a small Python program to manipulate embedded digital signatures.
- delete a signature: disitool.py delete signed-file unsigned-file
- copy a signature: disitool.py copy signed-source-file unsigned-file signed-file
- extract a signature: disitool.py extract signed-file signature
- add a signature: disitool.py add signature unsigned-file signed-file
- inject data after the authenticode signature: disitool.py inject [--paddata] signed-source-file data-file signed-destination-file
It is not a tool to digitally sign executables; use signtool for this. When you add or copy a signature from one file to another file, the signature will not be valid.
disitool uses pefile; you'll need to install this first. This new version (V0.2) will update the PE header checksum.
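To check a file for data placed after the Authenticode signature (what the inject command does), the following added example, which is not part of disitool, walks the PE certificate table with only the standard library and reports bytes that follow the DER-encoded signature blob inside each entry. The function names, the constructed sample built by `build_sample`, and the "up to 7 zero bytes is alignment padding" threshold are assumptions of this example.

```python
import struct

def der_total_len(buf):
    """Length of the outer DER SEQUENCE (header + content), or None if malformed."""
    if len(buf) < 2 or buf[0] != 0x30:
        return None
    if buf[1] < 0x80:                      # short form: length is in this byte
        return 2 + buf[1]
    n = buf[1] & 0x7F                      # long form: n big-endian length bytes
    if n == 0 or n > 4 or len(buf) < 2 + n:
        return None
    return 2 + n + int.from_bytes(buf[2:2 + n], "big")

def signature_slack(pe):
    """List the bytes that follow the signature blob in each WIN_CERTIFICATE entry."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    opt = e_lfanew + 24                    # 4-byte signature + 20-byte COFF header
    dir_off = {0x10B: 96, 0x20B: 112}.get(struct.unpack_from("<H", pe, opt)[0])
    if dir_off is None:
        raise ValueError("unknown optional header magic")
    # Data directory 4 is the certificate table; its address is a file offset.
    table_off, table_size = struct.unpack_from("<II", pe, opt + dir_off + 4 * 8)
    findings, pos, end = [], table_off, min(table_off + table_size, len(pe))
    while table_off and pos + 8 <= end:
        dw_length, _revision, _cert_type = struct.unpack_from("<IHH", pe, pos)
        if dw_length < 8:
            break
        body = pe[pos + 8:pos + dw_length]
        der_len = der_total_len(body)
        slack = body[der_len:] if der_len is not None and der_len <= len(body) else body
        # Heuristic (assumption): a few zero bytes are 8-byte alignment padding.
        suspicious = len(slack) > 7 or any(slack)
        findings.append({"offset": pos, "slack": slack, "suspicious": suspicious})
        pos += (dw_length + 7) & ~7        # entries start on 8-byte boundaries
    return findings

def build_sample(extra=b""):
    """Constructed minimal PE32 image: headers plus one fake certificate entry."""
    body = b"\x30\x82\x01\x00" + b"\xAA" * 256 + extra   # fake 260-byte DER blob
    body += b"\0" * (-(len(body) + 8) % 8)               # pad entry to 8 bytes
    hdr = bytearray(0x200)
    hdr[:2], hdr[0x80:0x84] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", hdr, 0x3C, 0x80)              # e_lfanew
    struct.pack_into("<H", hdr, 0x98, 0x10B)             # PE32 magic
    struct.pack_into("<II", hdr, 0x98 + 96 + 32, 0x200, len(body) + 8)
    return bytes(hdr) + struct.pack("<IHH", len(body) + 8, 0x0200, 0x0002) + body
```

On a real file, pass the file's bytes to `signature_slack` and review any entry marked suspicious alongside the normal signature verification result.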
Download:
MD5: 08D1CA036DC905D8E42AB3016A1B7821
SHA256: AEF923F49E53C7C2194058F34A73B293D21448DEB7E2112819FC1B3B450347B8
[...] latest version of pefile has extra methods to handle the checksum of the PE header. My new disitool version uses these methods to correct the checksum when the signature is changed by [...]
Pingback by Update: Disitool V0.2 « Didier Stevens — Tuesday 15 April 2008 @ 8:25
[...] add data to a signed executable without invalidating the Authenticode signature. I updated my Digital signature tool, but I realize now I had only announced the update on Twitter, not on my [...]
Pingback by Update: Disitool V0.3 « Didier Stevens — Sunday 7 June 2009 @ 23:16