Stay away from COMODO / Sectigo digital certificates

All of our software binaries were digitally re-signed using a Thawte digital certificate:

(demo versions on the website and full versions available in the Customer Panel)

Long story short – our previous certification company StartCOM was banned first from the major web browsers and now in 2019 from Microsoft Windows because of their shady business practices (issuing backdated certificates). You can read this story at:

and their main CA certificate was revoked, which resulted in blocking any software signed with their digital code signing certificates (even if it was valid till the end of 2019 like in our case).

We had huge problems getting a new one from COMODO / Sectigo because of their dumb policies, which required us to be listed in the commercial business DUNS (D&B) directory (1600 USD for a listing!) or to have a blue shield of verification on Google Maps (even though this program was discontinued because it required Google Business and now-defunct Google+ accounts to be linked together?).

I’ve been trying to get this new certificate for more than 3 weeks with COMODO without a result, and with tons of legal, notary-signed company papers and utility bills sent to them for verification, they didn’t want to issue a code signing certificate no matter what.

Finally I tried to get it from Thawte, and after a simple business verification process, they granted us a new certificate after 2 days.

I highly recommend Thawte and The SSL Store for any digital certificates:

https://www.thesslstore.com/

And stay away from COMODO / Sectigo and all their resellers (they resell via many other companies).

I would like to apologize to all the customers for all the inconvenience in those days when you couldn’t use our software.

.netshrink v2.3

.netshrink is an executable compressor and DLL binder for .NET applications. It uses the LZMA compression library and can decrease your file size by 50%. It can also protect your files with a password.

Recent changes:

v2.3

  • project files support added
  • list of locally stored passwords added
  • fixed bugs with handling x64 applications

v2.2

  • original assembly CPU architecture preservation
  • running compressed assembly from the UNC path fixed

Download links:

Installer – https://www.pelock.com/download/netshrink.exe
Zip Archive – https://www.pelock.com/download/netshrink.zip

.netshrink v2.0

Finally, something new. Today I’ve released a new version of .netshrink, a .NET Framework application compressor and password protector.

List of changes:

v2.0

  • resources preservation (all resources, including icons, manifests etc.)
  • compression of command line executables
  • support added for .NET Framework 3.0, 3.5 and 4.0
  • .NET Framework auto detection
  • updated password query dialogs
  • enter password from the command line for protected files
  • minor bugs fixed
  • help file updated to .chm format

v1.0

  • first public release

Really easy scripting with ODbgScript

ODbgScript is an extension for the OllyDbg debugger (note to myself: so mr smartass there’s life except SoftICE heh 🙂).

I was always a little bit afraid of using it because I thought it’s easier to write a separate application than to code in this weird scripting language.

But today I needed a tool to dump decrypted strings from one application (while it’s running). I wanted to start coding a live dumper based on WinApi’s debug functions but I thought what the heck, let’s try to do it in ODbgScript.

Here’s the result:

; declare variables
        var     string_ptr
        var     file_name
        var     file_index
        var     file_size
        var     x
 
; set breakpoint at the instruction where we
; intercept decrypted strings
        bp     401020
 
; initialize file_index variable
        mov     file_index, 0
 
; run application after setting the breakpoint
again:
        run
 
; if we're here, it means application hit the breakpoint
; continue to execute script after breakpoint is hit
; (don't stop in OllyDbg)
        cob
 
; pointer to the encrypted string is stored
; at [ebp-14] let's grab it
        mov     x, ebp
        sub     x, 14
        mov     x, [x]
 
        mov     string_ptr, x
 
; strings are null terminated, let's find its
; size so we can dump it (LEN command didn't work
; here, it always returns 0FFh)
        find    string_ptr, #00#
 
        cmp     $RESULT, 0
        je      skip_file
 
; calculate string size
        mov     x, $RESULT
        sub     x, string_ptr
 
        mov     file_size, x
 
; format file name for decrypted string, name it using
; file_index value and .txt extension, eval works almost
; like wsprintf
        eval    "C:\Test\{file_index}.txt"
        mov     file_name, $RESULT
 
; dump memory area to the file
        dm      string_ptr, file_size, file_name
 
; log action
        eval    "{file_index} - VA = {string_ptr}, SIZE = {file_size}"
        log     $RESULT
 
; increase index value
        inc     file_index
 
skip_file:
 
; run application again after dumping
        jmp     again

At first it might look confusing, but after playing with it for 5 minutes you will love it, especially if you know how to code in assembler.

And if you make mistakes in the script, don’t worry, it has its own built-in debugger, available directly from OllyDbg, so you can spot every mistake you made, trace through the script, modify its variables etc.

In other words viva la ODbgScript 🙂

PS. And don’t ask me why I didn’t use it before 😉
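
A follow-up step for the dumper script above, as an added example that is not part of the original post: it reconciles the script's log lines with the dump files it wrote, flagging dumps that are missing or whose size differs from the logged one. The function names and sample data are constructed, and it assumes the OllyDbg log was saved as text and that `eval` renders numeric variables as hex.

```python
import re
import tempfile
from pathlib import Path

# Matches the script's log line: "{file_index} - VA = {string_ptr}, SIZE = {file_size}"
# Assumption: eval renders numeric variables as hex (with or without zero padding).
LOG_RE = re.compile(r"^\s*([0-9A-Fa-f]+) - VA = ([0-9A-Fa-f]+),\s*SIZE = ([0-9A-Fa-f]+)\s*$")

def parse_log(lines):
    """Yield (index_text, va, size) for each script log line; other lines are skipped."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            yield m.group(1), int(m.group(2), 16), int(m.group(3), 16)

def reconcile(log_lines, dump_dir):
    """Pair every logged string with its dump file and check that the sizes agree."""
    report = []
    for idx, va, size in parse_log(log_lines):
        path = Path(dump_dir) / f"{idx}.txt"  # same index text the script put in the file name
        if not path.exists():
            report.append({"index": idx, "va": va, "status": "missing", "text": None})
            continue
        data = path.read_bytes()
        status = "ok" if len(data) == size else "size-mismatch"
        # latin-1 never fails to decode; non-printable bytes are shown as dots
        text = "".join(c if c.isprintable() else "." for c in data.decode("latin-1"))
        report.append({"index": idx, "va": va, "status": status, "text": text})
    return report

def demo():
    """Constructed sample: three script log lines, two dump files (one truncated)."""
    log = [
        "0 - VA = 12FF40, SIZE = C",
        "1 - VA = 12FF60, SIZE = 1A",
        "Breakpoint at 00401020",  # unrelated log noise is skipped
        "2 - VA = 12FF80, SIZE = 5",
    ]
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "0.txt").write_bytes(b"kernel32.dll")  # 0xC bytes, matches the log
        (Path(d) / "1.txt").write_bytes(b"short")         # logged as 0x1A bytes
        return reconcile(log, d)

if __name__ == "__main__":
    for row in demo():
        print(f"{row['index']:>4}  {row['va']:08X}  {row['status']:<13}  {row['text']}")
```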

MultiExtractor v2.50a is out

A new version of MultiExtractor has been released. What’s new in 2.5.0a?

  • ICL icon extraction (now you can extract icons from ICL files)
  • Added MID, MPG, TIFF, EMF, WMF formats
  • Ability to unpack CAB archives (also InstallShield CABs)
  • Image buffering (faster displaying of visited images)
  • Naming of files through numbering (Explorer option)
  • Upgraded conversion support (bitmap to bitmap with another background color)

MultiExtractor vs C: drive

MultiExtractor v2.50a