Metadata
This book details some useful excerpts and observations sealing binaries.
Sealing
Code signing, compiling with metadata
Sealing
Signing Binaries with Self-Signed Certificates
Osslsigncode can be used to sign binaries on Linux with X509 certificates.
The following codeblock shows installing osslsigncode
on a Linux machine, generating a self-signed certificate, and signing where the password 'bunny' has been used when creating the p12 certificate store.
#Download Sign code
apt install osslsigncode
#Generate the key/cert
openssl req -x509 -newkey rsa:4096 -keyout myKey.pem -out cert.pem -days 365 -nodes
#Generate a p12
openssl pkcs12 -export -out keyStore.p12 -inkey myKey.pem -in cert.pem
#Sign the binary
osslsigncode sign -pkcs12 keyStore.p12 -in nc.exe -out nc-signed.exe -pass 'bunny'
Sealing
Including Icons and Property Metadata
Resource files can be used to include both icons and populate property data in the binary.
Compiling
Compiling
Symbol Stripping
Compiling with the -s
flag on GNU GCC and similar CC programs will strip symbols during the linker phase of compilation. This will hide the names of the variables given in the code when producing a final binary.