Friday, October 11, 2013

Get the (readable) certificate from a windows executable (PE)

I searched high and low for a simple (linux) solution on how to extract the certificate of an authenticode signed windows binary. I don't want to use wine, nor mono. This is what I came up with:
  • Extract the certificate with 7zip: 7z e setup.exe CERTIFICATE
  • remove the first 8 bytes: dd if=CERTIFICATE bs=1 skip=8 of=setup.exe.pkcs7
  • Read it: openssl pkcs7 -in setup.exe.pkcs7 -inform DER -print_certs -text