Disitool is a Python Program to Manipulate Embedded Digital Signatures

Executables (PE files) can have a digital signature, Microsoft calls this signature AuthentiCode. There are 2 different ways to sign a PE file: by adding a digital signature to the PE file (embedded digital signature) or by adding a hash of the PE file to a security catalog file (filetype .CAT).

Disitool is a small Python program to manipulate embedded digital signatures

  • delete a signature: disitool.py delete signed-file unsigned-file
  • copy a signature: disitool.py copy signed-source-file unsigned-file signed-file
  • extract a signature: disitool.py extract signed-file signature
  • add a signature: disitool.py add signature unsigned-file signed-file
  • inject data after the authenticode signature: disitool.py inject [–paddata] signed-source-file data-file signed-destination-file

It is not a tool to digitally sign executables, use signtool for this. When you add or copy a signature from one file to another file, the signature will not be valid.

disitool uses pefile, you’ll need to install this first. This new version (V0.2) will update the PE header checksum.

Download:

disitool_v0_3.zip (https)

MD5: 08D1CA036DC905D8E42AB3016A1B7821

SHA256: AEF923F49E53C7C2194058F34A73B293D21448DEB7E2112819FC1B3B450347B8

–Form Disitool

Leave a Reply