Page 2 of 6
#16 RE:[Tips+Discussion] Use of Drivers mod+signed by Win-RAID CA by zt3 23.08.2015 20:44

Found it! Actually here's what you need to do:

- Right click on the isctd.cat file > Properties > Digital Signatures > Click on Win-RAID CA > Details > See Certificate > Install Certificate > Local Machine > Place all certificates in the following store > Select Trusted Root Certification Authorities > Ok > Finish

Once you do this, the driver will install without any problem and as soon as you load it from the device manager it shows "This driver has a signature" the opposite if you use the certificate file which states that "this driver isn't digital signed". Maybe a problem with the certificate? The other drivers i tested your certificate works good but here it seems that we need to install it directly from the .cat file.

PS: If you want to test it by yourself all you have to do is to uninstall the driver (or drivers, depending if you had one before this one) checking the option to "Remove the software controller of this device" until you get that driver with a yellow mark. If you want you can also open the certificates manager of your computer > Win key + X > Run > certmgr.msc to uninstall it.

Next just do what i've said above about the .cat file and you'll see that it works without any problem. You can even delete de Certificate file as it makes no difference.

#17 RE:[Tips+Discussion] Use of Drivers mod+signed by Win-RAID CA by Fernando 23.08.2015 20:58

avatar

@ zt3:
Thanks for having found the solution for our remaining problem!

Zitat von zt3 im Beitrag #14
You can even delete de Certificate file as it makes no difference.
Does that mean, that I don't need to add the certificate file to the driver files?

#18 RE:[Tips+Discussion] Use of Drivers mod+signed by Win-RAID CA by zt3 23.08.2015 22:09

@Fernando

That is correct, you can get "this driver has a signature" and a successful installation by directly install the certificate from the .cat files properties.

#19 RE:[Tips+Discussion] Use of Drivers mod+signed by Win-RAID CA by Fernando 24.08.2015 10:49

avatar

@ mrces, @ Tito, @ ole258, @ zt3, @ e.v.o:

As already previously announced, I have merged all important contributions about the topic "Digital Signature for Modded Drivers" into this freshly created thread.
This way it will be easier for you and other visitors of the Forum to get compact informations about this topic.
So please post all future topic related ideas, tips, questions and answers into this new thread.

Hoping, that this is ok for you
Dieter

#20 RE:[Tips+Discussion] Use of Drivers mod+signed by Win-RAID CA by e.v.o 24.08.2015 15:39

avatar

I can confirm that everything is working fine and wrote a little PowerShell Script to import the cert. Save the following code to the folder that holds the .cer-File as Import-CertToRootCA.ps1:

1
2
3
4
5
6
7
8
9
 
$pfx = new-object System.Security.Cryptography.X509Certificates.X509Certificate2
$pfx.import($PSScriptRoot + "\Driver Signature Certificate.cer")

$store = new-object System.Security.Cryptography.X509Certificates.X509Store([System.Security.Cryptography.X509Certificates.StoreName]::Root,"LocalMachine")
$store.Open(“MaxAllowed”)
$store.add($pfx)
$store.close()
 
gci cert:\LocalMachine\root | sls "Win-RAID CA"
 



If everything went fine it should output some information about the cert. If not nothing is displayed the cert isn't installed. The script is not that nice and could be made to auto import the driver after importing the cert...

To execute the scripts fire up a admin PowerShell and "Set-ExecutionPolicy Unrestricted". I can't upload any files... ?

#21 RE:[Tips+Discussion] Use of Drivers mod+signed by Win-RAID CA by Fernando 24.08.2015 17:08

avatar

@ e.v.o:
Thanks for the script, but it didn't work for me.
Which es the exact command to execute the script?

Zitat von e.v.o im Beitrag #22
I can't upload any files... ?
You have to put the file into a .zip or .rar archive. Other extensions are not accepted by the Forum software.

#22 RE:[Tips+Discussion] Use of Drivers mod+signed by Win-RAID CA by e.v.o 24.08.2015 19:53

avatar

Zitat von Fernando im Beitrag #23
@ e.v.o:
Thanks for the script, but it didn't work for me.
Which es the exact command to execute the script?


Put the script inside the Folder where "Driver Signature Certificate.cer" is.
Fire up a Admin PowerShell.
cd into the folder.
If you can't execute the script: Set-ExecutionPolicy Unrestricted
Execute the script: .\Import-CertToRoot.ps1 (just type "im" and press tab)

Does it work now? If not: Whats the error message?

#23 RE:[Tips+Discussion] Use of Drivers mod+signed by Win-RAID CA by Fernando 24.08.2015 22:17

avatar

Zitat von e.v.o im Beitrag #24
Put the script inside the Folder where "Driver Signature Certificate.cer" is.
Fire up a Admin PowerShell.
cd into the folder.
If you can't execute the script: Set-ExecutionPolicy Unrestricted
Execute the script: .\Import-CertToRoot.ps1 (just type "im" and press tab)
Thanks for the additional advices.

Zitat
Does it work now?

Obviously yes.
This is what I got:


My previous problems were mainly caused by the folder names within the path to the driver (the powershell doesn't accept "&").

#24 RE:[Tips+Discussion] Use of Drivers mod+signed by Win-RAID CA by F5BJR 06.09.2015 13:20

#25 RE:[Tips+Discussion] Use of Drivers mod+signed by Win-RAID CA by Fernando 06.09.2015 16:03

avatar

@ F5BJR:

Welcome at Win-RAID Forum and thanks for the .bat file for an easy import of the Win-RAID CA driver signature certificate.

Regards
Dieter (alias Fernando)

#26 RE:[Tips+Discussion] Use of Drivers mod+signed by Win-RAID CA by Zwulf 13.09.2015 15:46

I played a litle bit arround and finally, I got this Script:


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
 

echo off &TITLE Win-RAID CA.cer install script
:WELCOME
cls
echo.
echo This will install the "Win-RAID CA.cer" as Trusted Root and Trusted Publisher Certificate.
echo.
set /P "START=Continue? (y/n): "
 
if '%START%' equ 'y' goto WORK
if '%START%' equ 'n' goto :eof
goto WELCOME
 
:WORK
if not exist "%SYSTEMROOT%\System32\certutil.exe" goto CERTUTIL_NOT_FOUND
set "CA=%tmp%\Win-RAID CA.cer"
cls
echo ***************************************************************************
echo Creating 'Win-RAID CA.cer'
echo ***************************************************************************
echo.
:: extract certificat informations into tmp file
echo -----BEGIN CERTIFICATE----- > "%CA%.txt"
echo MIIGhzCCBG+gAwIBAgIQ5/ExbCzfI71GlXVExEmkNDANBgkqhkiG9w0BAQsFADCB>> "%CA%.txt"
echo lTElMCMGCSqGSIb3DQEJARYWZmVybmFuZG8udW5vQGdtYWlsLmNvbTELMAkGA1UE>> "%CA%.txt"
echo BhMCREUxCzAJBgNVBAgTAk5JMQ4wDAYDVQQHEwVKZXZlcjEZMBcGA1UEChMQd3d3>> "%CA%.txt"
echo Lndpbi1yYWlkLmNvbTERMA8GA1UECxMIRmVybmFuZG8xFDASBgNVBAMTC1dpbi1S>> "%CA%.txt"
echo QUlEIENBMB4XDTE1MTAyNTE4NTMyMloXDTM5MTIzMTIzNTk1OVowgZUxJTAjBgkq>> "%CA%.txt"
echo hkiG9w0BCQEWFmZlcm5hbmRvLnVub0BnbWFpbC5jb20xCzAJBgNVBAYTAkRFMQsw>> "%CA%.txt"
echo CQYDVQQIEwJOSTEOMAwGA1UEBxMFSmV2ZXIxGTAXBgNVBAoTEHd3dy53aW4tcmFp>> "%CA%.txt"
echo ZC5jb20xETAPBgNVBAsTCEZlcm5hbmRvMRQwEgYDVQQDEwtXaW4tUkFJRCBDQTCC>> "%CA%.txt"
echo AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANnjNZ0a7ultPdOGQOaEcd2h>> "%CA%.txt"
echo UImcX0685LMsVWei9gk3rpmLy2Sl7BxqeufC5EogXD9LZ1z4WE6Tw3NBUhgt0XrP>> "%CA%.txt"
echo ZWyfCNCUSfcvcV1dVux53LI+ySyUp2AcavHY8sbdhn7/jwHdkgTd3/xE+cn+U+2a>> "%CA%.txt"
echo 7X6Y0zQU7Sy8Up75ls7kq+rp61XfmntWIsGrtJbs09Bt3CYVo7SA57jHDJNGkuSV>> "%CA%.txt"
echo UwDNgUycuRiZT8qnarph0D3RamCpHYyEPnX87t0nRFbdRFMjI5JhBYuD/UE+2PXi>> "%CA%.txt"
echo 4+f2epX52VlpgqZn650kcTEmdl2sS+itxjQZpg1phRLrvYJHjShhNXYJZrq+WU1R>> "%CA%.txt"
echo ZdGOhH0cLz3yoAzW0JKwhOy8HgAjU1EkLcRYLtG6jl46BB6mEM8GXQXdogi9b+ul>> "%CA%.txt"
echo 6J1Pu6v7DvXY+CyJTHTX797DBdcSL/VWH9sA9cZ/ogLwu65BpD/m5ZhjpovX0AS4>> "%CA%.txt"
echo cI74ChYV0lXUhvWQ1KX5hBI4pPFjPZY+j3X5oagg7ERk2XVYdUBkwO8YAnF9O2lI>> "%CA%.txt"
echo s3r0KpZBTp5lvK+EdTp51VlK7LbMQQwwGMDOBGH6JHru7FR6f45a/1nKhcoNU689>> "%CA%.txt"
echo 0EQ9U/1vnOdiU3NVJC+DqtO9b1zvpDlwQUq075a4YizUQA4yj27biJH5dOERipGM>> "%CA%.txt"
echo s8BYrAZSh8m0Om/+/UmhAgMBAAGjgdAwgc0wgcoGA1UdAQSBwjCBv4AQ1POGTxms>> "%CA%.txt"
echo M91sp2WJs2oeOqGBmDCBlTElMCMGCSqGSIb3DQEJARYWZmVybmFuZG8udW5vQGdt>> "%CA%.txt"
echo YWlsLmNvbTELMAkGA1UEBhMCREUxCzAJBgNVBAgTAk5JMQ4wDAYDVQQHEwVKZXZl>> "%CA%.txt"
echo cjEZMBcGA1UEChMQd3d3Lndpbi1yYWlkLmNvbTERMA8GA1UECxMIRmVybmFuZG8x>> "%CA%.txt"
echo FDASBgNVBAMTC1dpbi1SQUlEIENBghDn8TFsLN8jvUaVdUTESaQ0MA0GCSqGSIb3>> "%CA%.txt"
echo DQEBCwUAA4ICAQDHTjgYnmRoQazjtYUXvlVzMDQ+81PN+Wfxe6HYJC2gUGJMFaeJ>> "%CA%.txt"
echo 43kkZPDgy7FAhmqxGTciUK42qRmYmE9cRtvBx/PI+VmtmNAhu3xaJHdFDZsyz6Ac>> "%CA%.txt"
echo 3j/3+HuA63MhXjEeO+XRBplYtg0xDJh8L7jFqLtMSUpET7mRA2i5ltOOv7eOrZcJ>> "%CA%.txt"
echo KGJHLqeGBlQOUyp2XVRO3Atg8H5E9Lr94VCAsN9eMyKkzI//iJLQm89FokjS9Qeo>> "%CA%.txt"
echo bDivRVZKqbcXx0RVSczmU/zAiVk87GEToJQyaKjp9KtOLyGNlEyb1WBb9CZUopaU>> "%CA%.txt"
echo H9b5qYmNJXR8lcmO2aGP61ssp1mQxWi+l9Ru8TKu32uGIazU34X3J8MUapkONLIj>> "%CA%.txt"
echo zboPzituAXyNQ0I6EHhw+RuAWpKhHSTpCzoONS38OJckhHtQImcMB75WUuxZO6LQ>> "%CA%.txt"
echo 1r2L6FrNAnHONSDPsOrYlowlE3qv6rCsKCgYKJEho8OlumLyUer6OYF/ujvmBnxy>> "%CA%.txt"
echo MMIjb8E9leWSexhIa4MipFWJ6JEoF/3TSg5uvUSBmwnVtC4rpuJyLIzIAAIA7I2W>> "%CA%.txt"
echo mkFzt1d8bScgw0aZmgFylOlfs6UG8wFByDqOxrIMMqgs0Uia06wzIWqXhU4UnaII>> "%CA%.txt"
echo 45UIXDc15FPanGjxbrP67bV92l7vpLzsyzxccVnADB6fK/F/EGByZiUAXA== >> "%CA%.txt"
echo -----END CERTIFICATE----- >> "%CA%.txt"
 
:: create Win-RAID CA.cer and delete tmp file
call %SYSTEMROOT%\System32\certutil.exe -decode "%CA%.txt" "%CA%"
call del /F "%CA%.txt"
echo. &echo.
 
echo ***************************************************************************
echo Installing 'Win-RAID CA.cer' as Trusted Root Certificate
echo ***************************************************************************
echo.
call %SYSTEMROOT%\System32\certutil.exe -f -addstore "Root" "%CA%"
echo. &echo.
 
echo ***************************************************************************
echo Installing 'Win-RAID CA.cer' as Trusted Publisher Certificate
echo ***************************************************************************
echo.
call %SYSTEMROOT%\System32\certutil.exe -f -addstore "TrustedPublisher" "%CA%"
echo. &echo.
@pause
 
call del /f "%CA%"
goto :eof
 
:CERTUTIL_NOT_FOUND
cls
echo.
echo Failure: Windows tool "Certutil.exe" not found.
echo Certificate couldn't be installed.
echo.
@pause
 
 




To be clear, I never had the original *.cer file. I downloaded one of Fernando's mod drivers and extraced the *.cer informations via Windows GUI. By using "certutil -encode File.cer" I got the text information presentet in the script above. The installation is done the reverse way by using the -decode switch to create the Win-RAID CA.cer file in windows temp directory. After this step, the certificat is installed via -addstore switch to trusted root and trusted publisher repository. With this skript, you do not need to deliver a seperate *.cer file as the script is allready containing it.

Maybe someone has some use for it. Have a nice Day. :-)


Edit 1: Forgot @pause after error message
Edit 2: Script file for download Attached
Edit 3: Corrected missing colon in goto instruction
Edit 4: Script is now using the new SHA256 "Win-RAID CA.cer"

#27 RE:[Tips+Discussion] Use of Drivers mod+signed by Win-RAID CA by Fernando 13.09.2015 15:57

avatar

@ Zwulf:
Welcome at Win-RAID Forum and big thanks to you for the script, which will make the use of my "mod+signed drivers" much easier.

@ all:
It would be fine, if anyone would test the script and report here, whether it works or not.

Greetings from Germany
Dieter (alias Fernando)

#28 RE:[Tips+Discussion] Use of Drivers mod+signed by Win-RAID CA by F5BJR 16.09.2015 20:59

#29 RE:[Tips+Discussion] Use of Drivers mod+signed by Win-RAID CA by F5BJR 19.09.2015 15:26

#30 RE:[Tips+Discussion] Use of Drivers mod+signed by Win-RAID CA by Fernando 19.09.2015 17:05

avatar

@ F5BJR:
Thank you very much for having posted a tip how to make it easier to import the Digital Signature of a signed driver onto another computer or after a fresh OS installation.

Zitat von F5BJR im Beitrag #37
I have reinstalled my computer and i have not found solution for reuse my certificate for make another self-signed driver with the certificate
have you infos for this ?
it would be nice to know if it is possible, without creating a new certificate
Meanwhile you obviously have found a solution yourself - congratulations!
Question:
What do you mean with "self-signed driver"? Have you signed it yourself or do you mean a driver, which has been modded and signed by me?

Xobor Forum Software von Xobor
Datenschutz