#51 | 05-11-2009, 07:27 PM | cadbob (Senior Member; joined Dec 2007; 52 posts)

Quote (originally posted by Git):
The reason he didn't sign it is probably because it costs quite a few hundred dollars minimum to get a developer's certificate and it will only be granted if your details are disclosed and your reputation impeccable. Doesn't exactly go hand in hand with writing dongle emulators.

So it has to be fudged. Full fudging instructions you will find if you search here.

Git

Oh nooo, I knew that he/she could not go about it through Microsoft, but why not use Arcor to sign?

Does it not work?

I have read so many different ways people have tried but have not seen the best way yet. I might be missing something along my searches. But I'm in here reading every night. Even though some things I just don't understand, I still read and read. I'm just a lowly drafter! So if you could give some hints or links, that would be awesome.

Thanks

#52 | 05-11-2009, 07:41 PM | Klopschik (Senior Member; joined Feb 2008; 110 posts)

Use readydriverplus http://www.citadelindustries.net/rea...plus/index.php

This does work without problems!

#53 | 05-11-2009, 08:13 PM | cadbob (Senior Member; joined Dec 2007; 52 posts)

Quote (originally posted by Klopschik):
Use readydriverplus http://www.citadelindustries.net/rea...plus/index.php

This does work without problems!

Thanks Klopschik, I have read that but also read people are having problems with it. Does it run with Vista 64 SP1?

#54 | 05-12-2009, 04:23 AM | Klopschik (Senior Member; joined Feb 2008; 110 posts)

...without probs on 2 different PCs (Asus). Also works on Win Seven.

#55 | 05-12-2009, 08:16 AM | cadbob (Senior Member; joined Dec 2007; 52 posts)

Great, thanks Klopschik! For the life of me I can't understand the below instructions to sign the Multikey.sys so I wouldn't have to use driver ready. Would be nice to get some coaching from the pros!

Enable the testsigning mode in the Vista boot loader:

bcdedit.exe /set TESTSIGNING ON

These instructions are for the first time you sign a driver:

1) Create the certificate:

makecert.exe -$ individual -r -pe -ss "WRFan Certificate Store" -n CN="WRFan Treibersignierung" "WRFan Treibersignierung.cer"

2) Install the certificate into the Trusted Root Certification Authorities store:

certmgr.exe /add "WRFan Treibersignierung.cer" /s /r localMachine root

or do it manually through the Certificate snap-in:

%windir%\System32\certmgr.msc

3) Sign the driver with the certificate:

signtool.exe sign /v /s "WRFan Certificate Store" /n "WRFan Treibersignierung" BT848.sys

4) Verify the signed driver validity:

signtool.exe verify /pa /v BT848.sys

5) Overwrite the original driver with the signed one and reboot your system. Changes to the Vista boot loader require a reboot; if you are already in testsigning mode, you might open the Device Manager and re-activate the device that relies on the signed driver, then a reboot is not necessary.
--------------------
For signing further drivers, repeat steps 3 + 4 + 5
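
For defenders, the steps quoted in the post above leave three observable traces on a host: test-signing mode in the boot configuration, a driver signed directly by a self-signed certificate, and that certificate in the machine Root store. The read-only audit below is an added example, not part of the thread; the function names are hypothetical, and it assumes English-language bcdedit output and the default drivers directory.

```powershell
# Added example (not from the thread): read-only audit for the host state that
# the quoted test-signing steps leave behind. Run from an elevated prompt.

function Test-TestSigningEnabled {
    # "bcdedit.exe /set TESTSIGNING ON" shows up in the current boot entry.
    # Assumption: English bcdedit output, where the value is printed as "Yes".
    $bcd = & bcdedit.exe /enum '{current}' 2>$null
    [bool](@($bcd) -match '^\s*testsigning\s+Yes')
}

function Get-SelfSignedDriver {
    param([string]$Path = "$env:windir\System32\drivers")

    # Thumbprints currently trusted as machine roots (step 2 adds one here).
    $rootThumbs = (Get-ChildItem Cert:\LocalMachine\Root).Thumbprint

    Get-ChildItem -Path $Path -Filter *.sys -File -ErrorAction SilentlyContinue |
        ForEach-Object { Get-AuthenticodeSignature -FilePath $_.FullName } |
        Where-Object {
            # "makecert -r" yields a self-signed certificate and the driver is
            # signed with it directly, so the signer's Subject equals its Issuer.
            $_.SignerCertificate -and
            $_.SignerCertificate.Subject -eq $_.SignerCertificate.Issuer
        } |
        ForEach-Object {
            [pscustomobject]@{
                Driver      = $_.Path
                Signer      = $_.SignerCertificate.Subject
                Thumbprint  = $_.SignerCertificate.Thumbprint
                Status      = $_.Status
                InRootStore = $rootThumbs -contains $_.SignerCertificate.Thumbprint
            }
        }
}

# Summary object for the local machine.
[pscustomobject]@{
    TestSigningEnabled = Test-TestSigningEnabled
    SelfSignedDrivers  = @(Get-SelfSignedDriver)
}
```

A host reporting TestSigningEnabled as True together with any driver whose InRootStore is True matches the state the quoted steps produce; drivers signed only through a catalog carry no embedded signer and are not listed.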

#56 | 05-12-2009, 11:02 AM | Git (Super Moderator; joined Oct 2007; Torino; 1,796 posts)

It is spelled out exactly step by step, what more could anybody do to help you? Do you want somebody to actually do it for you?

Git

#57 | 05-12-2009, 12:30 PM | cadbob (Senior Member; joined Dec 2007; 52 posts)

Quote (originally posted by Git):
It is spelled out exactly step by step, what more could anybody do to help you? Do you want somebody to actually do it for you?

Git

LOL, Mind?

Sorry Couldn't resist

But seriously, I don't see where to type in Multikey.sys? I know Treibersignierung is German for driver, at least I think so, so do I replace that with Multikey.sys?

From what I have gathered though, it only creates a Test Certificate (not a hacked one), so you would still have to boot in test mode to use it. (Is that true?) If so, seeing I can't get XP64 drivers for my laptop, I'm stuck with Vista 64 and using my dongle! (Sucks)

Thanks

Last edited by cadbob : 05-12-2009 at 01:36 PM.

#58 | 05-18-2009, 07:31 AM | Edison (Junior Member; joined May 2009; 2 posts)

McAfee SecurityCenter thinks Multikey V.18.0.3 is full of viruses and trojans. Should I be worried?

#59 | 05-18-2009, 08:26 AM | Trit0n (Senior Member; joined Feb 2008; 114 posts)

Quote (originally posted by Edison):
McAfee SecurityCenter thinks Multikey V.18.0.3 is full of viruses and trojans. Should I be worried?

I don't think so.
Test with Online Scan (http://www.virustotal.com)

PHP Code:
File MultiKey.sys received on 05.06.2009 10:54:28 (CET)
Current status: finished

Result: 0/40 (0.00%)

#60 | 05-19-2009, 03:59 AM | Edison (Junior Member; joined May 2009; 2 posts)
It is the Guardant dumper file that is the source of the problem. McAfee SecurityCenter deletes the Guardant dumper Grd2Mult.exe every time I try to unrar it, claiming it is infected by a 'New Malware.n' Trojan...