1
1
In Windows 10 it is possible to run unsigned applications but it is not possible to run signed applications where the signature has expired.
Is there any way to rip the signature out of an application and make it unsigned so that it could run?
0
I already downloaded the Windows SDK with signtool, as was suggested in the comments, but then I found delcert, a small tool that strips (removes) the digital signature (Authenticode) from PE executable files easily. Now I can finally run that app without Windows blocking it.
No; what you want is not possible. If you could do what you describe, the signature could be replaced using the same mechanic and thus would basically be useless. – Ramhound – 2015-07-27T16:04:42.627
@Ramhound, if the signature would be replaced by someone else, it would have a different signer? I don't know about Windows, but on a Mac, that is perfectly possible. (On a Mac, that would only prompt the user if deemed important for the applicable security policy. And on a Mac, deleting a signature is possible as well.) – Arjan – 2015-07-27T19:33:35.457
Owyn, are you sure code signatures can expire? – Arjan – 2015-07-27T19:34:27.023
If the signature had a valid Time Server set when it was signed it can't expire (unless the certificate was revoked, not just expired). The only two things that matter are that the certificate was valid at the time of signing and the certificate for the time server is currently valid. – Scott Chamberlain – 2015-07-27T19:46:14.437
I'm not talking about replacing a signature, just getting rid of it. I've heard it is expired and Windows just blocks this app saying its author isn't trustworthy (so I googled around and it said its signature expired cuz the program is old) – Owyn – 2015-07-27T21:20:57.170
I'd probably generate a self-signed cert and re-sign with SignTool (replacing the previous signature). You can, however, just remove (rather than replace) via ImageRemoveCertificate. Searching for UnSigner may be useful (though possibly untrustworthy) – ssnobody – 2015-07-27T22:33:05.357
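The Authenticode signature discussed in this thread is stored in the PE Certificate Table (data directory entry 4) as WIN_CERTIFICATE entries. As an added example, not code from any poster, the Python below reports whether a file carries that table, which is how to confirm a binary is signed or has had its signature removed; `build_sample_pe` and its bytes are constructed for the demo.

```python
import struct

SECURITY_DIR_INDEX = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY (Certificate Table)

def certificate_table(pe: bytes):
    """Return (file_offset, size) of the Certificate Table; (0, 0) if absent."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 24  # skip PE signature (4) and COFF header (20)
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)  # PE32 vs PE32+
    (count,) = struct.unpack_from("<I", pe, dirs - 4)  # NumberOfRvaAndSizes
    if count <= SECURITY_DIR_INDEX:
        return (0, 0)
    return struct.unpack_from("<II", pe, dirs + 8 * SECURITY_DIR_INDEX)

def authenticode_entries(pe: bytes):
    """List (revision, cert_type, payload_len) per WIN_CERTIFICATE entry."""
    offset, size = certificate_table(pe)
    if offset + size > len(pe):
        raise ValueError("certificate table points past end of file")
    entries, pos, end = [], offset, offset + size
    while pos + 8 <= end:
        length, revision, cert_type = struct.unpack_from("<IHH", pe, pos)
        if length < 8 or pos + length > end:
            raise ValueError("malformed WIN_CERTIFICATE entry")
        entries.append((revision, cert_type, length - 8))
        pos += (length + 7) & ~7  # entries are 8-byte aligned
    return entries

def build_sample_pe(signed: bool) -> bytes:
    """Constructed PE32+ header skeleton for the demo; not a runnable program."""
    hdr = bytearray(328)  # DOS stub 64 + "PE\0\0" 4 + COFF 20 + optional 240
    hdr[:2], hdr[64:68] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", hdr, 0x3C, 64)   # e_lfanew
    struct.pack_into("<H", hdr, 88, 0x20B)  # optional header magic (PE32+)
    struct.pack_into("<I", hdr, 196, 16)    # NumberOfRvaAndSizes
    if not signed:
        return bytes(hdr)
    blob = b"\x30" * 13  # placeholder bytes standing in for PKCS#7 data
    cert = struct.pack("<IHH", 8 + len(blob), 0x0200, 0x0002) + blob
    cert += b"\0" * (-len(cert) % 8)
    struct.pack_into("<II", hdr, 232, len(hdr), len(cert))
    return bytes(hdr) + cert
```

The Certificate Table directory entry holds a file offset rather than an RVA, and an empty list from `authenticode_entries` means the file carries no embedded signature.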