Sunday, May 12, 2019

Code Signing Certificate

Code Signing Certificate

The recent release of Launcher PRO 3.0, and the re-release Launcher 2.0 BFU_XODE edition, is digitally signed and conforms with Windows Authenticode. Why do I need it, or the better question is, why do you need it? Authenticode or digitally signing a file ensures that the file is exactly how I released it when it gets to end users. It ensures the integrity of a file.

This only works if the user actively checks it, though. I have been signing every releases, but it's only the last release where I actively check digital signatures.

I'm honestly surprised to learn that there's a good number of people who doesn't know what it is, how to check it, and what it is for. Along with those, there are also some people who casted doubt and hurled accusations as to what my real intentions were.

I find it both humorous and preposterous at the same time, that these people would even insinuate that I'm up to no good. I mean, I've been doing this for a while now, and starting something nefarious just doesn't make sense, and just not my style. They're trying to cast doubts, but really, they don't know a thing about digital signature.

Anyone can check for themselves. If you check the digital signature by right-clicking the executable:

First thing to check is where it says "This digital signature is OK". NOTE: This will say something else if the certificate is not trusted, even if the digital signature checks out.

If you click View Certificate, you'll see the following:


The intended purpose of the certificate is important. As you can see, it's sole purpose is limited to digital signature, nothing more, nothing less. It cannot be used for server identification, create or issue or sign another certificate, or server or client authentication, or encryption/decryption, or anything else for that matter.

In short, the certificate cannot be used for exploit such as Man in the Middle (MITM) Attack. It's just not possible. Besides, for MITM to succeed, you have to be really stupid and do several things before it even initiates. Things that Windows Defender or modern browsers will reject.

These talking heads just want to insinuate things, but don't know jack.But I'm glad, because it forces me to look for better alternatives.

The only reason I'm using a self-signed code signing certificate is that it costs a lot, $200-$400/year, with the Extended Validation costing twice as much. I'm not going to spend that much penny.

Having said that, I decided that installing the root certificate is now not required. I found a way to validate digital signatures without needing to trust the certificate first. Obvious drawback is that it's less accurate and slower, and not at par to the level of security I intended.

The installed certificate can be removed by following these instructions:

- Add The certificates Snap-In
- Delete a Certificate

Also, from the command line, type LauncherPro.exe -cert

The next version of Launcher PRO will incorporate this. The repacked Launcher 2.0 Build 162 already have it.

I hope I shed some light into this. And again, nefarious stuff are not my thing, matter of factly, it's the opposite. My Launchers don't load modified files, remember?


20 comments:

  1. I'm glad to see you update your blog again. Good luck.

    ReplyDelete
    Replies
    1. and how about the people like me who paid for and never got the software? are you dealing with that also ??

      Delete
    2. I have either refunded most everyone or provided access codes to those who wished to proceed, from oldest transactions to the present. I am also processing those who sent directly to SJRH and BCRF AND followed my direction.

      If you didn't follow the direction I gave, you will be at the bottom of the stack. Too many people have sent and continue to send fake receipts that left me jaded.

      If I don't get confirmation directly from SJRH or BCRF, there's just no fast way for me to validate your claim, not if I'm inundated with fake receipts from way too many people

      Delete
    3. Don't be upset, TokenMaster is just a person. We have thousands or even tens of thousands of people emailing him. He also has his own family, work, life and entertainment. He is too busy. Either you wait or you don't use this software to deal with your BMW. That's my point of view.@mike lovell

      Delete
    4. im not the only upset person. and thanks for your opinion, but screw it also. ive waited since october last year, like so many other people. it doesnt matter how many people email, setup a system to handle it. when you find a problem, put a solution in place. my point of view: i see how quickly tokenmaster has responded to someone hacking his software, perhaps the same reaction could be put into providing a solution to the cause of the backlog instead.

      Delete
    5. I honestly love to hear your idea. I'm receiving hundreds of fake receipts every single damn day. Long gone are the days when I take someone's word for it. The proverbial well has been poisoned and I'm not going to sit like it's business as usual

      Delete
    6. Perhaps just quit with requiring people to send you receipts - this is due to the option you gave that people can transfer it to a charity of their chosing.

      If you want to automate; simplify.

      Paypal only towards your address.
      If payed activate license, if cancelled/refunded automatically cancel license (you already have that ability with your 3.x portal!).
      It's your product, so you decide what to-do with the money. If you want to offer a choice, make a dropdown box with the charities people can choose from.

      I'm not saying this is all done quickly. But keeping it simple provides the best way for all parties. I think everybody can agree that with the current methods it simply not really works well.

      If people don't like that you choose the charity, bad luck for them.

      Delete
  2. How can I sent you message? I would like to proceed and need to donate.

    ReplyDelete
  3. Hi. I have an F10 and want to get this software too. Can you tell me how to proceed and donate?
    Thank you.

    ReplyDelete
  4. TM, I (along with many others) sent you a donation over a year ago and haven't heard anything from you since. Can you please fix this situation?

    ReplyDelete
    Replies
    1. Everyone who donated and followed my instructions, at least until September of last year, got their end of the bargain. I'm still working on those who did after that.

      If you didn't follow the directions I stated in my auto-reply, there's simply nothing I can do at this moment.

      It's really simple, I just need SJRH and BCRF to send me confirmation via their eCard options.

      Delete
    2. Thx for your action hopefully u reach december donation soon

      Delete
  5. i followed your directions, i sent screenshots, everything, so many emails.. but i still have nothing...

    ReplyDelete
  6. i can pull up my credit card receipts even.

    ReplyDelete
  7. Hello what do I have to do that I get the software and the code

    ReplyDelete
  8. Izin promo ya Admin^^
    bosan tidak ada yang mau di kerjakan, mau di rumah saja suntuk,
    mau keluar tidak tahu mesti kemana, dari pada bingung
    mari bergabung dengan kami di ionqq^^com, permainan yang menarik
    ayo ditunggu apa lagi.. segera bergabung ya dengan kami...
    add Whatshapp : +85515373217 ^_~ :))

    ReplyDelete
  9. Good news this is to everyone out there with different health challenges, as I know there are still a lot of people suffering from different health issues and are therefore looking for solutions. I bring you Good news. There is a man called Dr Ehimare a herbal practitioner who helped cured me from HSV (2). I have suffered from this disease for the past 5 years and I have spent so much money trying to survive from it. I got my healing by taking the herbal medicine Dr Ehimare sent to me to drink for about 14 days . 3 days after completion of the dosage, I went for a medical checkup and I was tested free from HSV. All thanks to God for leading me to Dr Ehimare who was able to cure me completely from this deadly disease. I’m sharing this so that other people can know of this great healer called Dr Ehimare   because I got to know him through Elizabeth who he cured from HIV. I was made to understand that he can cure several other deadly diseases and infections. Don’t die in ignorance or silence and don’t let that illness take your life. Contact Dr Ehimare   through his email  drehimare3@gmail.com or whatsapp on +1 (267) 691-1087   He cure all forms of disease {1}HIV/AIDS {2}DIABETES {3}EPILEPSY {4} BLOOD CANCER {5} HPV {6} BRAIN TUMOR {7} HEPATITIS {8}COPD{9} SICKLE AND ANAEMIA.etc Be kind enough to share as you received.  

    ReplyDelete