[
  {
    "path": ".gitignore",
    "content": "# Byte-compiled / optimized / DLL files\n__pycache__/\n*.py[cod]\n*$py.class\n\n# C extensions\n*.so\n\n# Distribution / packaging\n.Python\nbuild/\ndevelop-eggs/\ndist/\ndownloads/\neggs/\n.eggs/\nlib/\nlib64/\nparts/\nsdist/\nvar/\nwheels/\nshare/python-wheels/\n*.egg-info/\n.installed.cfg\n*.egg\nMANIFEST\n\n# PyInstaller\n#  Usually these files are written by a python script from a template\n#  before PyInstaller builds the exe, so as to inject date/other infos into it.\n*.manifest\n*.spec\n\n# Installer logs\npip-log.txt\npip-delete-this-directory.txt\n\n# Unit test / coverage reports\nhtmlcov/\n.tox/\n.nox/\n.coverage\n.coverage.*\n.cache\nnosetests.xml\ncoverage.xml\n*.cover\n*.py,cover\n.hypothesis/\n.pytest_cache/\ncover/\n\n# Translations\n*.mo\n*.pot\n\n# Django stuff:\n*.log\nlocal_settings.py\ndb.sqlite3\ndb.sqlite3-journal\n\n# Flask stuff:\ninstance/\n.webassets-cache\n\n# Scrapy stuff:\n.scrapy\n\n# Sphinx documentation\ndocs/_build/\n\n# PyBuilder\n.pybuilder/\ntarget/\n\n# Jupyter Notebook\n.ipynb_checkpoints\n\n# IPython\nprofile_default/\nipython_config.py\n\n# pyenv\n#   For a library or package, you might want to ignore these files since the code is\n#   intended to run in multiple environments; otherwise, check them in:\n# .python-version\n\n# pipenv\n#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.\n#   However, in case of collaboration, if having platform-specific dependencies or dependencies\n#   having no cross-platform support, pipenv may install dependencies that don't work, or not\n#   install all needed dependencies.\n#Pipfile.lock\n\n# poetry\n#   Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.\n#   This is especially recommended for binary packages to ensure reproducibility, and is more\n#   commonly ignored for libraries.\n#   https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control\n#poetry.lock\n\n# pdm\n#   Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.\n#pdm.lock\n#   pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it\n#   in version control.\n#   https://pdm.fming.dev/#use-with-ide\n.pdm.toml\n\n# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm\n__pypackages__/\n\n# Celery stuff\ncelerybeat-schedule\ncelerybeat.pid\n\n# SageMath parsed files\n*.sage.py\n\n# Environments\n.env\n.venv\nenv/\nvenv/\nENV/\nenv.bak/\nvenv.bak/\n\n# Spyder project settings\n.spyderproject\n.spyproject\n\n# Rope project settings\n.ropeproject\n\n# mkdocs documentation\n/site\n\n# mypy\n.mypy_cache/\n.dmypy.json\ndmypy.json\n\n# Pyre type checker\n.pyre/\n\n# pytype static type analyzer\n.pytype/\n\n# Cython debug symbols\ncython_debug/\n\n# PyCharm\n#  JetBrains specific template is maintained in a separate JetBrains.gitignore that can\n#  be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore\n#  and can be added to the global gitignore or merged into this file.  For a more nuclear\n#  option (not recommended) you can uncomment the following to ignore the entire idea folder.\n#.idea/\n"
  },
  {
    "path": "LICENSE",
    "content": "MIT License\n\nCopyright (c) 2023 langsasec\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n"
  },
  {
    "path": "README.md",
    "content": "\n<picture>\n  <source media=\"(prefers-color-scheme: dark)\" srcset=\"https://api.star-history.com/svg?repos=langsasec/Sign-Sacker&type=Date&theme=dark\" />\n  <source media=\"(prefers-color-scheme: light)\" srcset=\"https://api.star-history.com/svg?repos=langsasec/Sign-Sacker&type=Date\" />\n  <img alt=\"Star History Chart\" src=\"https://api.star-history.com/svg?repos=langsasec/Sign-Sacker&type=Date\" />\n</picture>\n\n# Sign-Sacker (签名掠夺者) - 2.0\n\n## 介绍\n\nSign-Sacker(签名掠夺者)：一款数字签名复制器，可将其他官方exe中数字签名，图标，详细信息复制到没有签名的exe中，作为免杀，权限维持，伪装的一种小手段。\n\n## 2024-1-4 项目停更\n\n1. 微调了下代码，只允许了exe，dll文件\n2. 项目停更，江湖再见\n\n## 更新 2.0\n\n分别导入含有签名和需要签名的文件，点击生成即可，玩免杀的可能会用到。\n\n新增功能：\n\n1. 掠夺高清图标，完美复刻。\n2. 掠夺exe详细信息，以假乱真。\n\n![image](https://github.com/langsasec/Sign-Sacker/assets/45072131/e1efdf02-9a18-4325-b68e-73a2e799ffc4)\n\n## 效果对比\n\n### 图标对比：\n\n![image](https://github.com/langsasec/Sign-Sacker/assets/45072131/9649a032-4a4c-421f-9f65-527ad42fe958)\n\n![image](https://github.com/langsasec/Sign-Sacker/assets/45072131/ec134818-ab66-4b0f-ae5c-75da8a2574df)\n\n### 数字签名对比：\n\n![image](https://github.com/langsasec/Sign-Sacker/assets/45072131/467c2eda-e106-4264-94e9-eb38fd5a56b6)\n\n### 详细信息对比\n唯一的遗憾是语言暂未更改，文件版本号是由于飞书实际和显示有差别，大多数是一致的，因此我未做细微调整。\n![image](https://github.com/langsasec/Sign-Sacker/assets/45072131/c96a2202-54cb-4086-9979-22037fcd1fea)\n\n\n\n\n"
  },
  {
    "path": "Sign-Sacker.py",
    "content": "import io\r\nimport struct\r\nimport subprocess\r\n\r\nfrom PyQt5.QtGui import QIcon\r\nfrom PyQt5.QtWidgets import QApplication, QMainWindow, QLabel, QLineEdit, QPushButton, QFileDialog, QVBoxLayout, \\\r\n    QWidget, QMessageBox, QCheckBox\r\nimport sys\r\nimport os\r\nimport shutil\r\nfrom PyQt5.QtWidgets import QDesktopWidget\r\n\r\n\r\n\r\nclass SignSacker(QMainWindow):\r\n    def __init__(self):\r\n        super().__init__()\r\n        self.setWindowTitle(\"Sign-Sacker(签名掠夺者) By 浪飒 (关注浪飒sec公众号)\")\r\n        self.setWindowIcon(QIcon('favicon.ico'))  # 设置窗口图标\r\n        self.resize(700, 400)\r\n\r\n        # 设置窗口居中显示\r\n        screen = QDesktopWidget().screenGeometry()\r\n        window_size = self.geometry()\r\n        x = int((screen.width() - window_size.width()) / 2)\r\n        y = int((screen.height() - window_size.height()) / 2)\r\n        self.move(x, y)\r\n\r\n        widget = QWidget(self)\r\n        layout = QVBoxLayout()\r\n        widget.setLayout(layout)\r\n        self.setCentralWidget(widget)\r\n\r\n        self.file1_label = QLabel(\"受害者:\", self)\r\n        layout.addWidget(self.file1_label)\r\n\r\n        self.file1_entry = QLineEdit(self)\r\n        layout.addWidget(self.file1_entry)\r\n\r\n        self.choose_button1 = QPushButton(\"选择含有签名的文件\", self)\r\n        layout.addWidget(self.choose_button1)\r\n        self.choose_button1.clicked.connect(self.choose_file1)\r\n\r\n        self.file2_label = QLabel(\"掠夺者:\", self)\r\n        layout.addWidget(self.file2_label)\r\n\r\n        self.file2_entry = QLineEdit(self)\r\n        layout.addWidget(self.file2_entry)\r\n\r\n        self.choose_button2 = QPushButton(\"选择需要伪造签名的文件\", self)\r\n        layout.addWidget(self.choose_button2)\r\n        self.choose_button2.clicked.connect(self.choose_file2)\r\n\r\n        self.output_label = QLabel(\"生成文件名:\", self)\r\n        layout.addWidget(self.output_label)\r\n\r\n        self.output_entry = QLineEdit(self)\r\n        layout.addWidget(self.output_entry)\r\n\r\n        self.icon_checkbox = QCheckBox(\"掠夺受害者高清图标（默认保存在'文件名_ico'路径下）\", self)\r\n        self.details_checkbox = QCheckBox(\"掠夺受害者所有详细信息（右键属性->详细信息。包括文件说明，文件版本等）\", self)\r\n        layout.addWidget(self.icon_checkbox)\r\n        layout.addWidget(self.details_checkbox)\r\n        self.output_label= QLabel(\"------------------------------------------------------------------------------------\", self)\r\n        layout.addWidget(self.output_label)\r\n        self.output_label = QLabel(\"温馨提示：\", self)\r\n        layout.addWidget(self.output_label)\r\n        self.output_label= QLabel(\"1.掠夺后语言默认为英语(美国)。\", self)\r\n        layout.addWidget(self.output_label)\r\n        self.output_label= QLabel(\"2.掠夺后图标若无变化请粘贴到新的文件夹刷新即可。\", self)\r\n        layout.addWidget(self.output_label)\r\n        self.output_label= QLabel(\"3.建议对掠夺者进行备份再执行程序。\", self)\r\n        layout.addWidget(self.output_label)\r\n        self.output_label= QLabel(\"------------------------------------------------------------------------------------\", self)\r\n        layout.addWidget(self.output_label)\r\n\r\n        self.process_button = QPushButton(\"生成文件\", self)\r\n        layout.addWidget(self.process_button)\r\n        self.process_button.clicked.connect(self.process_files)\r\n\r\n\r\n\r\n        self.setStyleSheet(\"\"\"\r\n            QLabel {\r\n                font-size: 16px;\r\n                color: #333;\r\n            }\r\n            QLineEdit, QPushButton {\r\n                font-size: 14px;\r\n                height: 30px;\r\n            }\r\n            QPushButton {\r\n                background-color: #4CAF50;\r\n                border: none;\r\n                color: white;\r\n                padding: 6px 12px;\r\n                text-align: center;\r\n                text-decoration: none;\r\n                font-size: 14px;\r\n                margin: 4px;\r\n\r\n                border-radius: 4px;\r\n            }\r\n            QPushButton:hover {\r\n                background-color: #45a049;\r\n            }\r\n        \"\"\")\r\n\r\n\r\n    def choose_file1(self):\r\n        file_name, _ = QFileDialog.getOpenFileName(self, \"选择文件1\", \"\", \"Executable Files (*.exe *.dll)\")\r\n        if file_name:\r\n            self.file1_entry.setText(file_name)\r\n\r\n    def choose_file2(self):\r\n        file_name, _ = QFileDialog.getOpenFileName(self, \"选择文件2\", \"\", \"Executable Files (*.exe *.dll)\")\r\n        if file_name:\r\n            self.file2_entry.setText(file_name)\r\n            # 自动填充生成文件名的文本框\r\n            base_name = os.path.basename(file_name)\r\n            extension = os.path.splitext(base_name)[1]\r\n            if extension.lower() == \".dll\":\r\n                output_file = os.path.splitext(base_name)[0] + \"-Signed.dll\"\r\n            else:\r\n                output_file = os.path.splitext(base_name)[0] + \"-Signed.exe\"\r\n            self.output_entry.setText(os.getcwd().replace('\\\\','/')+'/'+output_file)\r\n\r\n    def process_files(self):\r\n        file1_path = self.file1_entry.text()\r\n        file2_path = self.file2_entry.text()\r\n        output_file = self.output_entry.text()\r\n        # 验证文件的有效性\r\n        if not os.path.exists(file1_path) or not os.path.isfile(file1_path):\r\n            self.show_message_box(\"错误\", \"文件1无效！\")\r\n            return\r\n        if not os.path.exists(file2_path) or not os.path.isfile(file2_path):\r\n            self.show_message_box(\"错误\", \"文件2无效！\")\r\n            return\r\n        icon = self.icon_checkbox.isChecked()\r\n        version_info = self.details_checkbox.isChecked()\r\n        if version_info:\r\n            info_sacker(file1_path, file2_path)\r\n        if icon:\r\n            ico_sacker(file1_path,file2_path)\r\n        writeCert(copyCert(file1_path), file2_path, output_file)\r\n        message = f\"签名已写入：{output_file}\"\r\n\r\n        self.show_message_box(\"生成文件\", message)\r\n\r\n    def show_message_box(self, title, message):\r\n        msg_box = QMessageBox()\r\n        msg_box.setWindowTitle(title)\r\n        msg_box.setText(message)\r\n        msg_box.exec_()\r\n\r\n\r\n# 获取可执行文件的一些信息，包括PE头中的各个字段的数值。\r\ndef gather_file_info_win(binary):\r\n    \"\"\"\r\n    Borrowed from BDF...\r\n    I could just skip to certLOC... *shrug*\r\n    \"\"\"\r\n    flItms = {}\r\n    binary = open(binary, 'rb')\r\n    binary.seek(int('3C', 16))\r\n    flItms['buffer'] = 0\r\n    flItms['JMPtoCodeAddress'] = 0\r\n    flItms['dis_frm_pehdrs_sectble'] = 248\r\n    flItms['pe_header_location'] = struct.unpack('<i', binary.read(4))[0]\r\n    flItms['COFF_Start'] = flItms['pe_header_location'] + 4\r\n    binary.seek(flItms['COFF_Start'])\r\n    flItms['MachineType'] = struct.unpack('<H', binary.read(2))[0]\r\n    binary.seek(flItms['COFF_Start'] + 2, 0)\r\n    flItms['NumberOfSections'] = struct.unpack('<H', binary.read(2))[0]\r\n    flItms['TimeDateStamp'] = struct.unpack('<I', binary.read(4))[0]\r\n    binary.seek(flItms['COFF_Start'] + 16, 0)\r\n    flItms['SizeOfOptionalHeader'] = struct.unpack('<H', binary.read(2))[0]\r\n    flItms['Characteristics'] = struct.unpack('<H', binary.read(2))[0]\r\n    flItms['OptionalHeader_start'] = flItms['COFF_Start'] + 20\r\n\r\n    binary.seek(flItms['OptionalHeader_start'])\r\n    flItms['Magic'] = struct.unpack('<H', binary.read(2))[0]\r\n    flItms['MajorLinkerVersion'] = struct.unpack(\"!B\", binary.read(1))[0]\r\n    flItms['MinorLinkerVersion'] = struct.unpack(\"!B\", binary.read(1))[0]\r\n    flItms['SizeOfCode'] = struct.unpack(\"<I\", binary.read(4))[0]\r\n    flItms['SizeOfInitializedData'] = struct.unpack(\"<I\", binary.read(4))[0]\r\n    flItms['SizeOfUninitializedData'] = struct.unpack(\"<I\",\r\n                                                      binary.read(4))[0]\r\n    flItms['AddressOfEntryPoint'] = struct.unpack('<I', binary.read(4))[0]\r\n    flItms['PatchLocation'] = flItms['AddressOfEntryPoint']\r\n    flItms['BaseOfCode'] = struct.unpack('<I', binary.read(4))[0]\r\n    if flItms['Magic'] != 0x20B:\r\n        flItms['BaseOfData'] = struct.unpack('<I', binary.read(4))[0]\r\n\r\n    if flItms['Magic'] == 0x20B:\r\n        flItms['ImageBase'] = struct.unpack('<Q', binary.read(8))[0]\r\n    else:\r\n        flItms['ImageBase'] = struct.unpack('<I', binary.read(4))[0]\r\n    flItms['SectionAlignment'] = struct.unpack('<I', binary.read(4))[0]\r\n    flItms['FileAlignment'] = struct.unpack('<I', binary.read(4))[0]\r\n    flItms['MajorOperatingSystemVersion'] = struct.unpack('<H',\r\n                                                          binary.read(2))[0]\r\n    flItms['MinorOperatingSystemVersion'] = struct.unpack('<H',\r\n                                                          binary.read(2))[0]\r\n    flItms['MajorImageVersion'] = struct.unpack('<H', binary.read(2))[0]\r\n    flItms['MinorImageVersion'] = struct.unpack('<H', binary.read(2))[0]\r\n    flItms['MajorSubsystemVersion'] = struct.unpack('<H', binary.read(2))[0]\r\n    flItms['MinorSubsystemVersion'] = struct.unpack('<H', binary.read(2))[0]\r\n    flItms['Win32VersionValue'] = struct.unpack('<I', binary.read(4))[0]\r\n    flItms['SizeOfImageLoc'] = binary.tell()\r\n    flItms['SizeOfImage'] = struct.unpack('<I', binary.read(4))[0]\r\n    flItms['SizeOfHeaders'] = struct.unpack('<I', binary.read(4))[0]\r\n    flItms['CheckSum'] = struct.unpack('<I', binary.read(4))[0]\r\n    flItms['Subsystem'] = struct.unpack('<H', binary.read(2))[0]\r\n    flItms['DllCharacteristics'] = struct.unpack('<H', binary.read(2))[0]\r\n    if flItms['Magic'] == 0x20B:\r\n        flItms['SizeOfStackReserve'] = struct.unpack('<Q', binary.read(8))[0]\r\n        flItms['SizeOfStackCommit'] = struct.unpack('<Q', binary.read(8))[0]\r\n        flItms['SizeOfHeapReserve'] = struct.unpack('<Q', binary.read(8))[0]\r\n        flItms['SizeOfHeapCommit'] = struct.unpack('<Q', binary.read(8))[0]\r\n\r\n    else:\r\n        flItms['SizeOfStackReserve'] = struct.unpack('<I', binary.read(4))[0]\r\n        flItms['SizeOfStackCommit'] = struct.unpack('<I', binary.read(4))[0]\r\n        flItms['SizeOfHeapReserve'] = struct.unpack('<I', binary.read(4))[0]\r\n        flItms['SizeOfHeapCommit'] = struct.unpack('<I', binary.read(4))[0]\r\n    flItms['LoaderFlags'] = struct.unpack('<I', binary.read(4))[0]  # zero\r\n    flItms['NumberofRvaAndSizes'] = struct.unpack('<I', binary.read(4))[0]\r\n\r\n    flItms['ExportTableRVA'] = struct.unpack('<I', binary.read(4))[0]\r\n    flItms['ExportTableSize'] = struct.unpack('<I', binary.read(4))[0]\r\n    flItms['ImportTableLOCInPEOptHdrs'] = binary.tell()\r\n\r\n    flItms['ImportTableRVA'] = struct.unpack('<I', binary.read(4))[0]\r\n    flItms['ImportTableSize'] = struct.unpack('<I', binary.read(4))[0]\r\n    flItms['ResourceTable'] = struct.unpack('<Q', binary.read(8))[0]\r\n    flItms['ExceptionTable'] = struct.unpack('<Q', binary.read(8))[0]\r\n    flItms['CertTableLOC'] = binary.tell()\r\n    flItms['CertLOC'] = struct.unpack(\"<I\", binary.read(4))[0]\r\n    flItms['CertSize'] = struct.unpack(\"<I\", binary.read(4))[0]\r\n    binary.close()\r\n    return flItms\r\n\r\n\r\n# 用于从可执行文件中提取签名证书\r\ndef copyCert(exe):\r\n    flItms = gather_file_info_win(exe)\r\n\r\n    if flItms['CertLOC'] == 0 or flItms['CertSize'] == 0:\r\n        # 无证书则退出\r\n        sys.exit(-1)\r\n\r\n    with open(exe, 'rb') as f:\r\n        f.seek(flItms['CertLOC'], 0)\r\n        cert = f.read(flItms['CertSize'])\r\n    return cert\r\n\r\n# 写入证书并输出\r\ndef writeCert(cert, exe, output):\r\n    flItms = gather_file_info_win(exe)\r\n\r\n    if not output:\r\n        output = str(exe) + \"_signed\"\r\n\r\n    shutil.copy2(exe, output)\r\n\r\n    with open(exe, 'rb') as g:\r\n        with open(output, 'wb') as f:\r\n            f.write(g.read())\r\n            f.seek(0)\r\n            f.seek(flItms['CertTableLOC'], 0)\r\n            f.write(struct.pack(\"<I\", len(open(exe, 'rb').read())))\r\n            f.write(struct.pack(\"<I\", len(cert)))\r\n            f.seek(0, io.SEEK_END)\r\n            f.write(cert)\r\n\r\n# 图标掠夺\r\ndef ico_sacker(victim, sacker):\r\n    save_location = f\"{victim}_ico\"\r\n    os.system('ico_sacker.exe /save \"'+victim+'\" \"'+save_location+'\" -icons')\r\n    ico_path= save_location+'/'+os.listdir(save_location)[0]\r\n    os.system(f'info_sacker.exe {sacker}  --set-icon {ico_path}')\r\n\r\n\r\ndef get_version_string(file_path, string_name):\r\n    import warnings\r\n    try:\r\n        warnings.filterwarnings(\"ignore\")\r\n        cmd = f'info_sacker.exe {file_path} --get-version-string \"{string_name}\"'\r\n        result = subprocess.run(cmd, shell=True, capture_output=True, text=True)\r\n        version_string = result.stdout.strip()\r\n        return version_string\r\n    except:\r\n        pass\r\n\r\n\r\ndef set_version_string(file_path, string_name, string_value):\r\n    try:\r\n        subprocess.check_call(f'info_sacker.exe {file_path} --set-version-string \"{string_name}\" \"{string_value}\"',\r\n                              shell=True)\r\n    except:\r\n        pass\r\n\r\n\r\ndef info_sacker(victim, sacker):\r\n    version_strings = {\r\n        \"FileDescription\": \"\",\r\n        \"FileVersion\": \"\",\r\n        \"ProductName\": \"\",\r\n        \"ProductVersion\": \"\",\r\n        \"CompanyName\": \"\",\r\n        \"LegalCopyright\": \"\",\r\n        \"InternalName\": \"\",\r\n        \"OriginalFilename\": \"\"\r\n    }\r\n\r\n    # 获取版本信息\r\n    for string_name in version_strings:\r\n        version_strings[string_name] = get_version_string(victim, string_name)\r\n\r\n    # 设置版本信息\r\n    for string_name, string_value in version_strings.items():\r\n        if string_value is not None:\r\n            set_version_string(sacker, string_name, string_value)\r\n\r\n    os.system(f'info_sacker.exe {sacker} --set-file-version {version_strings[\"FileVersion\"]}')\r\nif __name__ == '__main__':\r\n    app = QApplication(sys.argv)\r\n    window = SignSacker()\r\n    window.show()\r\n    sys.exit(app.exec_())\r\n"
  },
  {
    "path": "requirements.txt",
    "content": "PyQt5==5.15.9\r\n"
  }
]