• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

How to sign your own modded drivers

Joined
Dec 8, 2020
Messages
2,993 (2.10/day)
Location
United Kingdom
For those interested in making their own drivers, for any reason, and would like to sign it, allowing them to share it with others.

----

Step 1:

You can create a self-signed Code Signing certificate without using third-party tools by using the PowerShell 5.0 cmdlet – New-SelfSifgnedCertificate:

$Cert = New-SelfSignedCertificate -Subject "SIGNERNAME” -Type CodeSigningCert -CertStoreLocation cert:\LocalMachine\My


Then you need to export this certificate to the pfx file with the password:

$CertPassword = ConvertTo-SecureString -String “P@ssw0rd” -Force –AsPlainText
Export-PfxCertificate -Cert $Cert -FilePath C:\DriverCert\NAME.pfx -Password $CertPassword

----

Step 2:

Download WoSignCode, and its operation manual (its very easy to use), you only need the 'Code Signing' and 'CAB/CAT' options, and internet.
You will need to make a basic powershell and command prompt batch file, and modded shortcut (example here).

Note: The tool requires internet connect for timestamps and file virus scanning.

Now .7z .zip, .rar your signed worked and share!
 

Solaris17

Super Dainty Moderator
Staff member
Joined
Aug 16, 2005
Messages
26,845 (3.83/day)
Location
Alabama
System Name RogueOne
Processor Xeon W9-3495x
Motherboard ASUS w790E Sage SE
Cooling SilverStone XE360-4677
Memory 128gb Gskill Zeta R5 DDR5 RDIMMs
Video Card(s) MSI SUPRIM Liquid X 4090
Storage 1x 2TB WD SN850X | 2x 8TB GAMMIX S70
Display(s) Odyssey OLED G9 (G95SC)
Case Thermaltake Core P3 Pro Snow
Audio Device(s) Moondrop S8's on schitt Modi+ & Valhalla 2
Power Supply Seasonic Prime TX-1600
Mouse Lamzu Atlantis mini (White)
Keyboard Monsgeek M3 Lavender, Akko Crystal Blues
VR HMD Quest 3
Software Windows 11 Pro Workstation
Benchmark Scores I dont have time for that.
What is the example? Its just some audio installer on mega upload.
 
Joined
Dec 8, 2020
Messages
2,993 (2.10/day)
Location
United Kingdom
The install shortcut and batch file. Self elevated with non admin functionality, double click install. No installer method, using official Microsoft commands.

1.png 2.png

This method allows receivers to can scan the files freely, not hidden behind installers, or password bypasses (.zip).
 
Last edited:

Solaris17

Super Dainty Moderator
Staff member
Joined
Aug 16, 2005
Messages
26,845 (3.83/day)
Location
Alabama
System Name RogueOne
Processor Xeon W9-3495x
Motherboard ASUS w790E Sage SE
Cooling SilverStone XE360-4677
Memory 128gb Gskill Zeta R5 DDR5 RDIMMs
Video Card(s) MSI SUPRIM Liquid X 4090
Storage 1x 2TB WD SN850X | 2x 8TB GAMMIX S70
Display(s) Odyssey OLED G9 (G95SC)
Case Thermaltake Core P3 Pro Snow
Audio Device(s) Moondrop S8's on schitt Modi+ & Valhalla 2
Power Supply Seasonic Prime TX-1600
Mouse Lamzu Atlantis mini (White)
Keyboard Monsgeek M3 Lavender, Akko Crystal Blues
VR HMD Quest 3
Software Windows 11 Pro Workstation
Benchmark Scores I dont have time for that.
Code:
@echo

"%CD%\BIN\elevate" powershell Import-PfxCertificate -FilePath '%CD%\BIN\signed.pfx' -Password (ConvertTo-SecureString -String 'P@ss0wrd' -AsPlainText -Force) -CertStoreLocation Cert:\LocalMachine\Root

timeout 6

"%CD%\BIN\elevate" pnputil -i -a "%CD%\WIN10\*.inf"

exit

for those that don't want to download the drivers.

You should also be able to forego the elevate.exe and simply have the batch self elevate like so:

Code:
@echo off

:: Self execute as admin by creating a VBS that calls myself.
SETLOCAL EnableDelayedExpansion
for /F "tokens=1,2 delims=#" %%a in ('"prompt #$H#$E# & Echo on & for %%b in (1) do     rem"') do (
  set "DEL=%%a"
)
cls

:checkPrivileges
NET FILE 1>NUL 2>NUL
if '%errorlevel%' == '0' ( goto main) else ( goto getPrivileges )

:getPrivileges
if '%1'=='ELEV' (shift & goto main)                              
for /f "delims=: tokens=*" %%A in ('findstr /b ::- "%~f0"') do @Echo(%%A
setlocal DisableDelayedExpansion
set "batchPath=%~0"
setlocal EnableDelayedExpansion
Echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\OEgetPrivileges.vbs"
Echo UAC.ShellExecute "!batchPath!", "ELEV", "", "runas", 1 >> "%temp%\OEgetPrivileges.vbs"
"%temp%\OEgetPrivileges.vbs"
exit /B
echo.

:main
powershell Import-PfxCertificate -FilePath '%CD%\BIN\signed.pfx' -Password (ConvertTo-SecureString -String 'P@ss0wrd' -AsPlainText -Force) -CertStoreLocation Cert:\LocalMachine\Root

timeout 6

pnputil -i -a "%CD%\WIN10\*.inf"

exit
 
Joined
Dec 8, 2020
Messages
2,993 (2.10/day)
Location
United Kingdom
Was being lazy. Thank you.
 
Last edited:
Joined
Jun 8, 2021
Messages
47 (0.04/day)
Would this work for modified kernel drivers on >=1709 to avoid testsigning mode?
 
Joined
Dec 8, 2020
Messages
2,993 (2.10/day)
Location
United Kingdom
Yes, I still use it to sign drivers and files, you can even sign third party files (such as .exe), with your certificate, if they are not already signed.
If you intend to share the driver and-or files, you will need to install your certificate on the machine before anything else.

Once your certificate is installed on the machine, it will work in every way, as much as Microsoft signed files.

certutil -f -p "ThePassword" -importpfx -v trustedpublisher "location-to\signed.pfx"

----


====

 
Last edited:

AAF Optimus

Audio Modder
Joined
Mar 1, 2017
Messages
1,188 (0.42/day)
Location
Rio de Janeiro, Brazil
System Name NEW AAF OPTIMUS RIG
Processor AMD Ryzen 5 5600X (6C/12T)
Motherboard ASUS TUF Gaming B550M-Plus
Cooling DEEPCOOL Gammax L120T
Memory CRUCIAL Pro Gaming 32GB DDR4-3200 (2x16GB)
Video Card(s) NVIDIA GeForce RTX 3060 12GB MSI Ventus 2X OC LHR
Storage ADATA Legend 710 PCIe Gen3 x4 256GB; ADATA Legend 800 PCIe Gen4 x4 2TB; GoldenFir SSD 1TB
Display(s) AOC VIPER 27" 165Hz 1ms (27G2SE)
Case DARKFLASH DK100-BK
Audio Device(s) AAF Optimus Audio (Sound Blaster + Dolby [Dolby Atmos For Built-In Speakers])
Power Supply REDRAGON RGPS 600W 80 PLUS Bronze Full Modular
Mouse CLAHM CL-MM386 7200DPI
Keyboard MOTOSPEED CK-108 Mechanical Keyboard
Software Windows 11 Pro x64 23H2
Would this work for modified kernel drivers on >=1709 to avoid testsigning mode?
No, because Microsoft implemented their well-known root certificates directly in the EFI and Legacy boot binaries and configured policies that result in the WHQL and ELAM signing programs, for example.
 
Joined
Jun 8, 2021
Messages
47 (0.04/day)
Any way to circumvent this or somehow self-sign kernel drivers in a different way?
 

AAF Optimus

Audio Modder
Joined
Mar 1, 2017
Messages
1,188 (0.42/day)
Location
Rio de Janeiro, Brazil
System Name NEW AAF OPTIMUS RIG
Processor AMD Ryzen 5 5600X (6C/12T)
Motherboard ASUS TUF Gaming B550M-Plus
Cooling DEEPCOOL Gammax L120T
Memory CRUCIAL Pro Gaming 32GB DDR4-3200 (2x16GB)
Video Card(s) NVIDIA GeForce RTX 3060 12GB MSI Ventus 2X OC LHR
Storage ADATA Legend 710 PCIe Gen3 x4 256GB; ADATA Legend 800 PCIe Gen4 x4 2TB; GoldenFir SSD 1TB
Display(s) AOC VIPER 27" 165Hz 1ms (27G2SE)
Case DARKFLASH DK100-BK
Audio Device(s) AAF Optimus Audio (Sound Blaster + Dolby [Dolby Atmos For Built-In Speakers])
Power Supply REDRAGON RGPS 600W 80 PLUS Bronze Full Modular
Mouse CLAHM CL-MM386 7200DPI
Keyboard MOTOSPEED CK-108 Mechanical Keyboard
Software Windows 11 Pro x64 23H2
Any way to circumvent this or somehow self-sign kernel drivers in a different way?
I am not aware of any alternative method other than WHQL.
 

AAF Optimus

Audio Modder
Joined
Mar 1, 2017
Messages
1,188 (0.42/day)
Location
Rio de Janeiro, Brazil
System Name NEW AAF OPTIMUS RIG
Processor AMD Ryzen 5 5600X (6C/12T)
Motherboard ASUS TUF Gaming B550M-Plus
Cooling DEEPCOOL Gammax L120T
Memory CRUCIAL Pro Gaming 32GB DDR4-3200 (2x16GB)
Video Card(s) NVIDIA GeForce RTX 3060 12GB MSI Ventus 2X OC LHR
Storage ADATA Legend 710 PCIe Gen3 x4 256GB; ADATA Legend 800 PCIe Gen4 x4 2TB; GoldenFir SSD 1TB
Display(s) AOC VIPER 27" 165Hz 1ms (27G2SE)
Case DARKFLASH DK100-BK
Audio Device(s) AAF Optimus Audio (Sound Blaster + Dolby [Dolby Atmos For Built-In Speakers])
Power Supply REDRAGON RGPS 600W 80 PLUS Bronze Full Modular
Mouse CLAHM CL-MM386 7200DPI
Keyboard MOTOSPEED CK-108 Mechanical Keyboard
Software Windows 11 Pro x64 23H2
Why is this method for example not sufficient?
Microsoft seems to have made it irrelevant. Or it is only valid for driver packages whose catalogs are signed with an unrecognized, expired certificate, or one that is not present in the Windows certificate database.
 
Joined
Dec 8, 2020
Messages
2,993 (2.10/day)
Location
United Kingdom
It would depend on if he simply wants to sign a driver .inf and add a catalogue, then the posted method and tools are correct.
They will also sign .exe, .dll's and so on, as far as .sys files, they indeed need to be WHQL signed.

For example, I can write a driver .inf, modify the .exe and .dll, and sign them, no issues.
If I remove and replace the .sys signature, I will get a WHQL warning.

----

If the .exe's and .dll's and even .sys files are already signed, and recent enough, its the .inf compilation that needs to pass.
Lets say I downloaded a nomal Realtek driver, and simply added one letter to the .inf, its no longer valid.

----

Another example, if I took an admin app, that opens a yellow admin warning, with un-trusted publisher at the bottom.
If I create and install a certificate, then sign the apps .exe with it, it will now be blue, with trusted publisher.

----

If he was byte patching with something like IDA Pro, then the file signature remains untouched, and still fully valid.
If he was creating his own .sys file (not patching), it will need to be signed with a WHQL certificate.

The rest, not so much.
 
Last edited:
Joined
Jun 8, 2021
Messages
47 (0.04/day)
Yes it's a .sys file I need to modify. IDA Pro byte patching sounds promising then.

I actually used IDA free so far but am really new to it, is byte patching not available there?
 

St1cky

New Member
Joined
Jul 11, 2022
Messages
1 (0.00/day)
If he was byte patching with something like IDA Pro, then the file signature remains untouched, and still fully valid.
If he was creating his own .sys file (not patching), it will need to be signed with a WHQL certificate.
How can the signature still be valid after patching with IDA, doesn't make any sense to me. Because the checksum/hash of the file changes and the signature is therefore invalid?
 
Joined
Jul 16, 2014
Messages
8,194 (2.18/day)
Location
SE Michigan
System Name Dumbass
Processor AMD Ryzen 7800X3D
Motherboard ASUS TUF gaming B650
Cooling Artic Liquid Freezer 2 - 420mm
Memory G.Skill Sniper 32gb DDR5 6000
Video Card(s) GreenTeam 4070 ti super 16gb
Storage Samsung EVO 500gb & 1Tb, 2tb HDD, 500gb WD Black
Display(s) 1x Nixeus NX_EDG27, 2x Dell S2440L (16:9)
Case Phanteks Enthoo Primo w/8 140mm SP Fans
Audio Device(s) onboard (realtek?) - SPKRS:Logitech Z623 200w 2.1
Power Supply Corsair HX1000i
Mouse Steeseries Esports Wireless
Keyboard Corsair K100
Software windows 10 H
Benchmark Scores https://i.imgur.com/aoz3vWY.jpg?2

W1zzard

Administrator
Staff member
Joined
May 14, 2004
Messages
27,693 (3.70/day)
Processor Ryzen 7 5700X
Memory 48 GB
Video Card(s) RTX 4080
Storage 2x HDD RAID 1, 3x M.2 NVMe
Display(s) 30" 2560x1600 + 19" 1280x1024
Software Windows 10 64-bit
If he was byte patching with something like IDA Pro, then the file signature remains untouched, and still fully valid.
Not true

How can the signature still be valid after patching with IDA, doesn't make any sense to me. Because the checksum/hash of the file changes and the signature is therefore invalid?
Correct
 
Joined
Dec 8, 2020
Messages
2,993 (2.10/day)
Location
United Kingdom
I will explain using 'resource hacker' because its easier, lets say the file is a Realtek APO .dll file, if I right click > properties, I can see a signed file.

Now I open it with resource hacker, and edit, one letter or number, or change the file version, then apply, its still signed.
If I was to edit, the table or in some cases remove-rename entries, and save it, it will be unsigned.

The unsigned version, will still have a certificate embedded, and will fail any unsign-resign attempt.
 
Top