M507 · October 19, 2025 18:19
diff --git a/.\sign.ps1 b/.\sign.ps1
 <#
 Usage:
  .\sign.ps1 .\file.exe MyCertName
 #>

 param(
    [Parameter(Mandatory = $true)]
    [string]$FileToSign,

    [Parameter(Mandatory = $true)]
    [string]$CertName
 )

 # --- Configuration ---
 $pfxPath      = "C:\${CertName}.pfx"
 $pfxPassword  = "MyPassword123!"
 $timestampURL = "http://timestamp.digicert.com"
 $signtoolURL  = "https://github.com/Mr-Un1k0d3r/Windows-SignedBinary/raw/refs/heads/master/signtool.exe"
 $signtoolPath = "C:\tmp\signtool.exe"
 # ----------------------

 # --- Ensure target file exists ---
 if (-not (Test-Path $FileToSign)) {
    Write-Error "[!] Target file not found: $FileToSign"
    exit 1
 }
 $FileToSign = (Resolve-Path $FileToSign).Path

 # --- Ensure signtool.exe exists ---
 if (-not (Test-Path $signtoolPath)) {
    Write-Host "[*] signtool.exe not found — downloading..."
    try {
        Invoke-WebRequest -Uri $signtoolURL -OutFile $signtoolPath -UseBasicParsing
        Write-Host "[+] signtool.exe downloaded successfully to $signtoolPath"
    } catch {
        Write-Error "[!] Failed to download signtool.exe. Check your network or URL."
        exit 1
    }
 } else {
    Write-Host "[+] signtool.exe found at $signtoolPath"
 }

 # --- Create self-signed certificate ---
 Write-Host "`n[1] Creating self-signed code-signing certificate ($CertName)..."
 $cert = New-SelfSignedCertificate -Type CodeSigningCert -Subject "CN=$CertName" -CertStoreLocation "Cert:\CurrentUser\My"

 # --- Export certificate to PFX ---
 Write-Host "[2] Exporting certificate to PFX ($pfxPath)..."
 $securePwd = ConvertTo-SecureString -String $pfxPassword -Force -AsPlainText
 Export-PfxCertificate -Cert $cert.PSPath -FilePath $pfxPath -Password $securePwd | Out-Null

 # --- Import to Trusted Root store ---
 Write-Host "[3] Importing certificate into Trusted Root store..."
 Import-PfxCertificate -FilePath $pfxPath -CertStoreLocation Cert:\CurrentUser\Root -Password $securePwd | Out-Null

 # --- Signing process ---
 Write-Host "[4] Signing $FileToSign..."
 & $signtoolPath sign /f $pfxPath /p $pfxPassword /fd sha256 /tr $timestampURL /td sha256 $FileToSign
 $signExit = $LASTEXITCODE

 if ($signExit -ne 0) {
    Write-Warning "[!] Timestamp server unreachable — retrying without timestamp..."
    & $signtoolPath sign /f $pfxPath /p $pfxPassword /fd sha256 $FileToSign
    $signExit = $LASTEXITCODE
 }

 if ($signExit -eq 0) {
    Write-Host "[4] ✅ Successfully signed $FileToSign"
 } else {
    Write-Error "[!] Signing failed (exit code $signExit)"
    exit $signExit
 }

 # --- Verification ---
 Write-Host "[5] Verifying signature..."
 & $signtoolPath verify /pa /v $FileToSign
 $verifyExit = $LASTEXITCODE

 if ($verifyExit -eq 0) {
    Write-Host "`n✅ Verified successfully!"
 } else {
    Write-Warning "`n⚠️ Verification failed — check output above."
 }

 Write-Host "`nCertificate Name:  $CertName"
 Write-Host "Certificate Path:  $pfxPath"
 Write-Host "Signed File:       $FileToSign"
 Write-Host "`nRight-click → Properties → Digital Signatures to confirm."
	<#
	Usage:
	.\sign.ps1 .\file.exe MyCertName
	#>

	param(
	[Parameter(Mandatory = $true)]
	[string]$FileToSign,

	[Parameter(Mandatory = $true)]
	[string]$CertName
	)

	# --- Configuration ---
	$pfxPath = "C:\${CertName}.pfx"
	$pfxPassword = "MyPassword123!"
	$timestampURL = "http://timestamp.digicert.com"
	$signtoolURL = "https://github.com/Mr-Un1k0d3r/Windows-SignedBinary/raw/refs/heads/master/signtool.exe"
	$signtoolPath = "C:\tmp\signtool.exe"
	# ----------------------

	# --- Ensure target file exists ---
	if (-not (Test-Path $FileToSign)) {
	Write-Error "[!] Target file not found: $FileToSign"
	exit 1
	}
	$FileToSign = (Resolve-Path $FileToSign).Path

	# --- Ensure signtool.exe exists ---
	if (-not (Test-Path $signtoolPath)) {
	Write-Host "[*] signtool.exe not found — downloading..."
	try {
	Invoke-WebRequest -Uri $signtoolURL -OutFile $signtoolPath -UseBasicParsing
	Write-Host "[+] signtool.exe downloaded successfully to $signtoolPath"
	} catch {
	Write-Error "[!] Failed to download signtool.exe. Check your network or URL."
	exit 1
	}
	} else {
	Write-Host "[+] signtool.exe found at $signtoolPath"
	}

	# --- Create self-signed certificate ---
	Write-Host "`n[1] Creating self-signed code-signing certificate ($CertName)..."
	$cert = New-SelfSignedCertificate -Type CodeSigningCert -Subject "CN=$CertName" -CertStoreLocation "Cert:\CurrentUser\My"

	# --- Export certificate to PFX ---
	Write-Host "[2] Exporting certificate to PFX ($pfxPath)..."
	$securePwd = ConvertTo-SecureString -String $pfxPassword -Force -AsPlainText
	Export-PfxCertificate -Cert $cert.PSPath -FilePath $pfxPath -Password $securePwd \| Out-Null

	# --- Import to Trusted Root store ---
	Write-Host "[3] Importing certificate into Trusted Root store..."
	Import-PfxCertificate -FilePath $pfxPath -CertStoreLocation Cert:\CurrentUser\Root -Password $securePwd \| Out-Null

	# --- Signing process ---
	Write-Host "[4] Signing $FileToSign..."
	& $signtoolPath sign /f $pfxPath /p $pfxPassword /fd sha256 /tr $timestampURL /td sha256 $FileToSign
	$signExit = $LASTEXITCODE

	if ($signExit -ne 0) {
	Write-Warning "[!] Timestamp server unreachable — retrying without timestamp..."
	& $signtoolPath sign /f $pfxPath /p $pfxPassword /fd sha256 $FileToSign
	$signExit = $LASTEXITCODE
	}

	if ($signExit -eq 0) {
	Write-Host "[4] ✅ Successfully signed $FileToSign"
	} else {
	Write-Error "[!] Signing failed (exit code $signExit)"
	exit $signExit
	}

	# --- Verification ---
	Write-Host "[5] Verifying signature..."
	& $signtoolPath verify /pa /v $FileToSign
	$verifyExit = $LASTEXITCODE

	if ($verifyExit -eq 0) {
	Write-Host "`n✅ Verified successfully!"
	} else {
	Write-Warning "`n⚠️ Verification failed — check output above."
	}

	Write-Host "`nCertificate Name: $CertName"
	Write-Host "Certificate Path: $pfxPath"
	Write-Host "Signed File: $FileToSign"
	Write-Host "`nRight-click → Properties → Digital Signatures to confirm."