I don’t know if I’m doing something wrong, but trying to use this command: «sigthief.py -i real.dll -t test.dll -o clone.dll» doesn’t work.
Python (specifically 3.9.6) installed and SigThief.py is in the Tools folder with the two dlls inside the folder.
Is the input file signed? Try the -r flag. I can’t verify anything if I can’t get access to the files you are trying or if I do not have more details about your inputs.
…
On Aug 16, 2021, at 11:26 PM, BTFighter ***@***.***> wrote:
I don’t know if I’m doing something wrong, but trying to use this command: «sigthief.py -i real.dll -t test.dll -o clone.dll»
Python (specifically 3.9.6) installed and SigThief.py is in the Tools folder with the two dlls inside the folder.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.
Yes:
After looking at source, it shouldn’t even get to this based on this input. I’m wondering if it’s because you are on windows OS vs *nix or macOS. I’ll give it a look next time I’m around a computer.
Installed python3.9.6 from the windows App Store and works for me.
You may need the newest version that is Open Source, do a git pull on the repo.
Outside of that, it has to be something with your environment. I’m going to close this as I cannot repro your issue with the info provided. If you have anything that can help me repro, pls share. Thx!
Using another computer, I was able to rip the signature:
You’re right, there must be something wrong on my part, thanks for helping.
sigthief.py: error: You must do something!
I don’t know if I’m doing something wrong, but trying to use this command: «sigthief.py -i real.dll -t test.dll -o clone.dll» doesn’t work.
Python (specifically 3.9.6) installed and SigThief.py is in the Tools folder with the two dlls inside the folder.
Is the input file signed? Try the -r flag. I can’t verify anything if I can’t get access to the files you are trying or if I do not have more details about your inputs.
…
Yes:
After looking at source, it shouldn’t even get to this based on this input. I’m wondering if it’s because you are on windows OS vs *nix or macOS. I’ll give it a look next time I’m around a computer.
Installed python3.9.6 from the windows App Store and works for me.
You may need the newest version that is Open Source, do a git pull on the repo.
Outside of that, it has to be something with your environment. I’m going to close this as I cannot repro your issue with the info provided. If you have anything that can help me repro, pls share. Thx!
Using another computer, I was able to rip the signature:
You’re right, there must be something wrong on my part, thanks for helping.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
New version available to Dev-tier sponsors: https://github.com/sponsors/secretsquirrel
Stable tier will have it End of Month August 2021
Stealing Signatures and Making One Invalid Signature at a Time (Unless you read this:
https://specterops.io/assets/resources/SpecterOps_Subverting_Trust_in_Windows.pdf)
https://twitter.com/subTee/status/912769644473098240
For security professionals only…
What is this?
I’ve noticed during testing against Anti-Virus over the years that each is different and each prioritize PE signatures differently, whether the signature is valid or not. There are some Anti-Virus vendors that give priority to certain certificate authorities without checking that the signature is actually valid, and there are those that just check to see that the certTable is populated with some value. It’s a mess.
So I’m releasing this tool to let you quickly do your testing and feel free to report it to vendors or not.
In short it will rip a signature off a signed PE file and append it to another one, fixing up the certificate table to sign the file.
Of course it’s not a valid signature and that’s the point!
I look forward to hearing about your results!
How to use
Usage
Usage: sigthief.py [options]
Options:
-h, --help show this help message and exit
-i FILE, --file=FILE input file
-r, --rip rip signature off inputfile
-a, --add add signautre to targetfile
-o OUTPUTFILE, --output=OUTPUTFILE
output file
-s SIGFILE, --sig=SIGFILE
binary signature from disk
-t TARGETFILE, --target=TARGETFILE
file to append signature too
-c, --checksig file to check if signed; does not verify signature
-T, --truncate truncate signature (i.e. remove sig)
Take a Signature from a binary and add it to another binary
$ ./sigthief.py -i tcpview.exe -t x86_meterpreter_stager.exe -o /tmp/msftesting_tcpview.exe
Output file: /tmp/msftesting_tcpview.exe
Signature appended.
FIN.
Save Signature to disk for use later
$ ./sigthief.py -i tcpview.exe -r
Ripping signature to file!
Output file: tcpview.exe_sig
Signature ripped.
FIN.
Use the ripped signature
$ ./sigthief.py -s tcpview.exe_sig -t x86_meterpreter_stager.exe
Output file: x86_meterpreter_stager.exe_signed
Signature appended.
FIN.
Truncate (remove) signature
This has really interesting results actually, can help you find AVs that value Signatures over functionality of code. Unsign putty.exe 
$ ./sigthief.py -i tcpview.exe -T
Inputfile is signed!
Output file: tcpview.exe_nosig
Overwriting certificate table pointer and truncating binary
Signature removed.
FIN.
Check if there is a signature (does not check validity)
$ ./sigthief.py -i tcpview.exe -c
Inputfile is signed!
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
Authenticator Code |
|
|
|
Thread Tools
|
|
|
#21 |
|||||||||||
|
AQRAMX Senior Member
Join Date: Aug 2020
Reputation: 751 Points: 2,854, Level: 5
Level up: 7%, 746 Points needed
Activity: 3.2%
Last Achievements |
Nice release as always, GOAT 🐐 __________________ |
|||||||||||
|
AQRAMX is offline |
|
|
|
#22 |
|||||||||||
|
tedyprakoso22 n00bie
Join Date: Jul 2022
Reputation: 10 Points: 479, Level: 1
Level up: 16%, 421 Points needed
Activity: 1.8%
|
nice release |
|||||||||||
|
tedyprakoso22 is offline |
|
|
|
#23 |
|||||||||||
|
yasingame20 Member
Join Date: May 2019
Reputation: -498 Points: 2,548, Level: 4
Level up: 64%, 252 Points needed
Activity: 3.5%
Last Achievements |
nice release ! |
|||||||||||
|
yasingame20 is online now |
|
|
|
#24 |
|||||||||||
|
10HEAD max<3
Join Date: Mar 2021 Location: Germany
Reputation: 10100 Points: 31,398, Level: 26
Level up: 53%, 802 Points needed
Activity: 1.9%
Last Achievements |
Good Job Mr. Max __________________ |
|||||||||||
|
10HEAD is online now |
|
|
|
#25 |
|||||||||||
|
ratnesh2 1337 H4x0!2
Join Date: Jan 2020 Location: Planet earth
Reputation: 418 Points: 3,795, Level: 6
Level up: 22%, 705 Points needed
Activity: 4.8%
Last Achievements |
Might get approved after Val update. |
|||||||||||
|
ratnesh2 is offline |
|
|
|
#26 |
|||||||||||
|
NioTv Senior Member
Join Date: Jun 2020
Reputation: 739 Points: 2,610, Level: 4
Level up: 73%, 190 Points needed
Activity: 19.5%
Last Achievements |
Quote:
Originally Posted by ratnesh2 Might get approved after Val update. When is the update ? __________________
|
|||||||||||
|
NioTv is offline |
|
|
|
#27 |
|||||||||||
|
ciceron Forum Moderator
Join Date: Dec 2010
Reputation: 34546 Recognitions Points: 132,650, Level: 52
Level up: 21%, 4,350 Points needed
Activity: 14.0%
Last Achievements |
Moderator note
 The hack uses an external API service to gather information about the in-game skins.
Thanks for sharing! https://www.unknowncheats.me/forum/d…=file&id=38325 File Approved
Interested in how we analyze files? Click here to find out. __________________ Discord: ciceron#9867 LDPlayer & PUBG Mobile optimization guide |
|||||||||||
|
ciceron is offline |
|
|
|
#28 |
|||||||||||
|
eduferreira00 Senior Member
Join Date: Aug 2021
Reputation: -71 Points: 1,143, Level: 2
Level up: 49%, 257 Points needed
Activity: 3.9%
Last Achievements |
my game is crashing |
|||||||||||
|
eduferreira00 is offline |
|
|
|
#29 |
|||||||||||
|
NioTv Senior Member
Join Date: Jun 2020
Reputation: 739 Points: 2,610, Level: 4
Level up: 73%, 190 Points needed
Activity: 19.5%
Last Achievements |
Hey everyone ! As you may know Pinguu (BlackMax97) released a Valorant UnlockAll internal DLL So im gonna quickly explain to i maked it work. —————————————————————————————————— So first of all, Download SigThief from github and the UnlockAll DLL from Pinguu’s post After that, get every files in one folder, like this:
Done? Ok, now go to the following directory: Code: C:Riot GamesVALORANTliveShooterGameBinariesWin64
And rename the UnlockAll Dll «Cheat.dll« Now, open a CMD in the same directory and enter this command: Code: sigthief.py -i stub.dll -t Cheat.dll -o CompPkgSup.dll And finally, move «CompPkgSup.dll» to the folder: Code: C:Riot GamesVALORANTliveShooterGameBinariesWin64
And Voila ! Start Valorant, and boom ! You have every single Valorant Skins ! (Up Vote if i helped you ^^)
__________________
|
|||||||||||
|
NioTv is offline |
|
Btw, this is the easiest method i personally used to make it work, yes, it is Detected. If you have your own UD Injector, use it instead.
|
|
#30 |
|||||||||||
|
snipedemon n00bie
Join Date: Jul 2021 Location: My house
Reputation: 27 Points: 1,288, Level: 2
Level up: 78%, 112 Points needed
Activity: 6.1%
Last Achievements |
Quote:
Originally Posted by NioTv Hey everyone ! As you may know Pinguu (BlackMax97) released a Valorant UnlockAll internal DLL So im gonna quickly explain to i maked it work. —————————————————————————————————— So first of all, Download SigThief from github and the UnlockAll DLL from Pinguu’s post After that, get every files in one folder, like this: Done? Ok, now go to the following directory: Code: C:Riot GamesVALORANTliveShooterGameBinariesWin64
And rename the UnlockAll Dll «Cheat.dll« Now, open a CMD in the same directory and enter this command: Code: sigthief.py -i stub.dll -t Cheat.dll -o CompPkgSup.dll And finally, move «CompPkgSup.dll» to the folder: Code: C:Riot GamesVALORANTliveShooterGameBinariesWin64 And Voila ! Start Valorant, and boom ! You have every single Valorant Skins ! (Up Vote if i helped you ^^)
Great explanation! |
|||||||||||
|
snipedemon is offline |
|
Btw, this is the easiest method i personally used to make it work, yes, it is Detected. If you have your own UD Injector, use it instead.
|
|
#31 |
|||||||||||
|
NioTv Senior Member
Join Date: Jun 2020
Reputation: 739 Points: 2,610, Level: 4
Level up: 73%, 190 Points needed
Activity: 19.5%
Last Achievements |
Quote:
Originally Posted by snipedemon Great explanation! Hope it worked ! __________________
|
|||||||||||
|
NioTv is offline |
|
|
|
#32 |
|||||||||||
|
mgt130999 n00bie
Join Date: Aug 2021
Reputation: 10 Points: 1,138, Level: 2
Level up: 48%, 262 Points needed
Activity: 1.8%
Last Achievements |
+rep |
|||||||||||
|
mgt130999 is online now |
|
|
|
#33 |
|||||||||||
|
bagbhosdike n00bie
Join Date: Oct 2021
Reputation: 10 Points: 755, Level: 1
Level up: 72%, 145 Points needed
Activity: 16.1%
|
Heyy please give your discord i want to add you when i run command in cmd this showing and vs code appear on my screen and nothing happen and when i try to run in vs code is showing please help me [main 2022-10-14T01:39:10.479Z] update#setState idle it stuck here in CMD pls help |
|||||||||||
|
bagbhosdike is offline |
|
|
|
#34 |
|||||||||||
|
snipedemon n00bie
Join Date: Jul 2021 Location: My house
Reputation: 27 Points: 1,288, Level: 2
Level up: 78%, 112 Points needed
Activity: 6.1%
Last Achievements |
Quote:
Originally Posted by NioTv Hope it worked ! I don�t understand the explanation. How do I put stub in sig thief? Can you send me a video tutorial. |
|||||||||||
|
snipedemon is offline |
|
|
|
#35 |
|||||||||||
|
FeedMyBalls n00bie
Join Date: May 2021
Reputation: 10 Points: 1,074, Level: 2
Level up: 35%, 326 Points needed
Activity: 12.9%
Last Achievements |
you basically get the stub dll file from «C:Riot GamesVALORANTliveShooterGameBinariesWin64 |
|||||||||||
|
FeedMyBalls is offline |
|
|
|
#36 |
|||||||||||
|
Full352 n00bie
Join Date: Jan 2022
Reputation: 10 Points: 1, Level: 1
Level up: 0%, 1 Points needed
Activity: 0%
|
i have a problem C:Users****DesktopSigThief-master>sigthief.py -i stub.dll -t Cheat.dll -o CompPkgSup.dll !! New Version available now for Dev Tier Sponsors! Sponsor here: https://github.com/sponsors/secretsquirrel Usage: sigthief.py [options] Options: sigthief.py: error: You must do something! |
|||||||||||
|
Full352 is offline |
|
|
|
#37 |
|||||||||||
|
wkrisdiyanto n00bie
Join Date: Dec 2017
Reputation: -74 Points: 3,665, Level: 6
Level up: 8%, 835 Points needed
Activity: 2.9%
Last Achievements |
+rep https://prnt.sc/Awww-N5K8d23
|
|||||||||||
|
wkrisdiyanto is online now |
|
|
|
#38 |
|||||||||||
|
deyrin n00bie
Join Date: Sep 2020
Reputation: -74 Points: 1,433, Level: 3
Level up: 5%, 667 Points needed
Activity: 3.2%
Last Achievements |
VAL 5 Ban so yeah this dll is work and like 60 mins i play in my account yeah i got banned, of course my hwid got banned too, so carefuly i rec dont play on your main account (use own risk) i just give some information for all of you |
|||||||||||
|
deyrin is offline |
|
|
|
#39 |
|||||||||||
|
tedyprakoso22 n00bie
Join Date: Jul 2022
Reputation: 10 Points: 479, Level: 1
Level up: 16%, 421 Points needed
Activity: 1.8%
|
Quote:
Originally Posted by deyrin so yeah this dll is work and like 60 mins i play in my account yeah i got banned, of course my hwid got banned too, so carefuly i rec dont play on your main account (use own risk) i just give some information for all of you
|
|||||||||||
|
tedyprakoso22 is offline |
|
|
|
#40 |
|||||||||||
|
drsultan42 n00bie
Join Date: Jan 2022
Reputation: 10 Points: 671, Level: 1
Level up: 55%, 229 Points needed
Activity: 3.2%
|
thnx worked no bans |
|||||||||||
|
drsultan42 is offline |
|
|
|
|
 Similar Threads |
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| [Question] Get peacock skin, just like fire skin. Is it possible? | geogre512 | Rainbow Six Siege | 19 | 17th May 2020 01:41 PM |
| [Help] [VB.NET][EXTERNAL] Skin Changer skin changer issue | zeoph123 | Counterstrike Global Offensive | 4 | 16th November 2018 08:12 PM |
| [Help] Skin Changer lagging upon skin change | mitch200997 | Counterstrike Global Offensive | 6 | 5th January 2018 02:23 AM |
| [Help] Skin changer and how to inject it | MusArmy | Counterstrike Global Offensive | 4 | 25th December 2016 08:21 PM |
| [Help] Skin changer doesn’t change skin | blodhblaka58 | Counterstrike Global Offensive | 5 | 17th October 2016 07:21 PM |
|
Tags |
| skin, changer, valorant, injector, virus, update, people, offsets, internal, [release] |
«
Previous Thread
|
Next Thread
»
|
Forum Jump |
All times are GMT. The time now is 02:30 AM.
Contact Us —
Toggle Dark Theme
Terms of Use Information Privacy Policy Information
Copyright ©2000-2023, Unknowncheats� UKCS #312436
 |
 |
no new posts
(МЕГА-СУПЕР-КРУТО-ХАЦКЕРСКАЯ привъюшка )
Приветствие читателе форума, и просто гостей, которым мы рады :3
В этой статье я опишу способ использования инструмент под названием SigThief. Он разрывает подпись из файла PE, и добавляет его в другой, исправив таблицу сертификатов для подписания файла. Суть в том что эта подпись, будет пересоздана инструментом, не действительная(фальшивая), это и есть секрет скрытия файла от АВ.
Что такое, подпись PE, читай тут:
Ссылка скрыта от гостей
Приступим: качаем с гита, заходим в папку, и проверяем «все ли на месте»:
Код:
git clone https://github.com/secretsquirrel/SigThief
cd SigThief
ls -l
Можно почитать, README, запускаем скрипт, и смотрим хелп:
Код:
python sigthief.py --help
1. Проверяем Есть ли водпись в .ехе файле(немножко пришлось повозиться чтоб найти файл с сигнатурой, с Фш выташила ):
Код:
python sigthief.py -i '/opt/SigThief/Ruiner.exe' -- нету подписей
python sigthief.py -i '/media/root/UUI/11/Приложения/AGF3DPrinterDriver.exe' -- есть подпись
Примечание: Можно все файлы копировать в папку и запускать напрямую(. /pruebas/+файл), и не вводить путь к файлу. Или перетаскивать файлы в консоль, как это делала я
2. Сохранения подписи:
Код:
python sigthief.py -i '[место_к_файлу]/[имя_файла].exe' -r
3. Использовать разорванную подпись:
Код:
python sigthief.py -s [место_к_файлу]/[имя_файла].exe_sig -t [файл_цель].exe
4.Удалять подпись:
Действительно интересные результаты, может помочь вам найти AVs, которые ценят подписи больше чем функциона кода
Код:
python sigthief.py -i [место_к_файлу]/[имя_файла].exe -T5. Создания файла с чужой подписью:
Код:
python sigthief.py -i '/opt/SigThief/url_pe.exe' -t '/opt/SigThief/Ruiner.exe' -o /tmp/url_pe_virus.exeОчень важно! Сохранять только в /tmp/
Использовала бекдор от TheFatRat, сначала до апгрейда и после (
Ссылка скрыта от гостей
, и
Ссылка скрыта от гостей
)
Спасибо за внимание, услышемся.