Metadata

This book details some useful excerpts and observations sealing binaries.

Sealing

Code signing, compiling with metadata

Sealing

Signing Binaries with Self-Signed Certificates

Osslsigncode can be used to sign binaries on Linux with X509 certificates.

The following codeblock shows installing osslsigncode on a Linux machine, generating a self-signed certificate, and signing where the password 'bunny' has been used when creating the p12 certificate store.

#Download Sign code
apt install osslsigncode

#Generate the key/cert
openssl req -x509 -newkey rsa:4096 -keyout myKey.pem -out cert.pem -days 365 -nodes

#Generate a p12
openssl pkcs12 -export -out keyStore.p12 -inkey myKey.pem -in cert.pem

#Sign the binary
osslsigncode sign -pkcs12 keyStore.p12 -in nc.exe -out nc-signed.exe -pass 'bunny'
Sealing

Including Icons and Property Metadata

Resource files can be used to include both icons and populate property data in the binary.

 

 

Compiling

Compiling

Symbol Stripping

Compiling with the -s flag on GNU GCC and similar CC programs will strip symbols during the linker phase of compilation. This will hide the names of the variables given in the code when producing a final binary.