forked from thinkst/canarytokens
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathsign_file.py
70 lines (58 loc) · 2.68 KB
/
sign_file.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
import sys
import getopt
import os
import tempfile
import shutil
def authenticode_sign_binary(token, inputfile, outputfile):
try:
tmpdir = tempfile.mkdtemp()
os.system('cp root-ca.conf {tmpdir}/root-ca.conf'.format(tmpdir=tmpdir))
f = open('{tmpdir}/root-ca.conf'.format(tmpdir=tmpdir),'r')
filedata = f.read()
f.close()
newdata = filedata.replace('_TOKEN_', token)
newdata = newdata.replace('TMPDIR', tmpdir)
f = open('{tmpdir}/root-ca.conf'.format(tmpdir=tmpdir),'w')
f.write(newdata)
f.close()
os.system('echo "00"> {tmpdir}/ser'.format(tmpdir=tmpdir))
os.system('touch {tmpdir}/db {tmpdir}/db.attr'.format(tmpdir=tmpdir))
os.system('openssl req -x509 -new -keyout {tmpdir}/rootCA.key -out {tmpdir}/rootCA.crt -config {tmpdir}/root-ca.conf -days 365 -nodes'.format(tmpdir=tmpdir))
os.system('openssl req -new -keyout {tmpdir}/cert.key -out {tmpdir}/cert.csr -nodes -subj "/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Windows"'.format(tmpdir=tmpdir))
os.system('openssl ca -batch -config {tmpdir}/root-ca.conf -cert {tmpdir}/rootCA.crt -keyfile {tmpdir}/rootCA.key -in {tmpdir}/cert.csr -out {tmpdir}/cert.crt'.format(tmpdir=tmpdir,))
os.system('osslsigncode sign -certs {tmpdir}/cert.crt -key {tmpdir}/cert.key -in {inputfile} -out {outputfile}'.format(tmpdir=tmpdir,inputfile=inputfile,outputfile=outputfile))
except Exception as e:
print e
finally:
shutil.rmtree(tmpdir, ignore_errors=True)
def main(argv):
token = None
inputfile = None
outputfile = None
try:
opts, args = getopt.getopt(argv,"ht:f:o:",["token=","inputfile=","outputfile="])
except getopt.GetoptError:
print 'usage: sign_file.py -t <token> -f <inputfile> -o <outputfile>'
sys.exit(2)
for opt, arg in opts:
if opt == '-h':
print 'usage: sign_file.py -t <token> -f <inputfile> -o <outputfile>'
sys.exit()
elif opt in ("-t", "--token"):
token = arg
elif opt in ("-f", "--inputfile"):
inputfile = arg
elif opt in ("-o", "--outputfile"):
outputfile = arg
if not inputfile or not token or not outputfile:
print 'usage: sign_file.py -t <token> -f <inputfile> -o <outputfile>'
sys.exit()
if not os.path.isfile(inputfile):
print 'File does not exist'
sys.exit()
if not any(x == os.path.splitext(inputfile)[1] for x in ['.dll','.exe']):
print 'File can only be dll or exe'
sys.exit()
authenticode_sign_binary(token, inputfile, outputfile)
if __name__ == "__main__":
main(sys.argv[1:])