[Questions] Any idea where to start searching to get or buy a valid certificate?

[winvb]

I tried some gamer forums, but it looks like every certificate is already banned.

[PIKACHUIM]

Here are some methods to obtain expired EV certificates that can be used for driving signatures. These methods come from the Internet and have not been fully verified and evaluated. Please use them with caution.

I DO NOT ASSUME ANY LEGAL, DATA, OR SECURITY RELATED RESPONSIBILITIES OR RISKS ARISING FROM THE USE OF THE FOLLOWING METHODS, NOR DO I ENCOURAGE ANYONE TO USE THE FOLLOWING METHODS FOR ANY PURPOSES:

Please note: Prior to July 19, 2015, most EV certificates had cross signed CAs for signing kernel drivers, and at this time, keys were distributed through files rather than hardware But after that, there are still some EV certificates that meet this condition. You can identify them by checking whether the signing certificate policy (CSP) and the corresponding CA certificate enable cross root

1. You can obtain certificates through forums by searching for free certificates or purchasing them on the black market (cautious, easily deceived). In addition, some companies sell these certificates, and even some individuals have been able to apply for cross root EV certificates many years ago, such as Certum (around 2012-2016). Some personal certificates (even free, CN=Certum Level III CA) can be signed and driven. You can consider collecting or purchasing them
2. According to this article: [Finding and Utilizing Leaked Code Marking Certificates]（ https://tij.me/blog/finding-and-utilising-leaked-code-signing-certificates/ ）You can search for specific fields through specific search engines. I have tried and can obtain some certificates PFX, but cracking the keys of these certificates is very difficult, and you cannot know if the certificate you are preparing to crack is an EV driver cross certificate, or even if it is a code signing certificate
3. According to this post [Finding Your Own Leaked Driver Certificates]（ https://www.unknowncheats.me/forum/anti-cheat-bypass/460417-finding-own-leaked-driver-certificates.html ）You can try to obtain the certificate file by scanning Amazon AWS or other cloud providers, but I have not tested it, which poses legal risks

The above are some methods that I am aware of, and I would like to remind you again: they are for research and reference only, and the related risks need to be borne by yourself However, I think we should consider other directions, such as disabling mandatory signature verification by modifying CKS or other methods:

https://github.com/HyperSine/Windows10-CustomKernelSigners/ https://bbs.kanxue.com/thread-273316.htm

Of course, the most important thing to change is Microsoft, and Windows should allow developers to test drivers themselves (with or without a signature) by enabling Secure Boot And users should be allowed to trust the signature drivers from where they come, or at least allow EV signature holders to freely or test the drivers on custom/small-scale devices

[winvb]

@PIKACHUIM It might be worth looking into an option to configure Windows so that Windows always boots in F7 mode (without signature verification). After all, this mode works even if Secure Boot is enabled

[PIKACHUIM]

Yes, it works. However, you need to enable it every time when you boot. π_π

[winvb]

@PIKACHUIM So maybe it's better to automate this method? So that the system always boots in this mode without having to turn it on. I'll try to find a solution.