├── README.md
├── ResourceHacker.exe
├── install.sh
├── metatwin.py
└── sigthief.exe

/README.md:
--------------------------------------------------------------------------------
# pyMetaTwin

pyMetaTwin is a Python 3 implementation of [MetaTwin](https://github.com/threatexpress/metatwin) that allows you to copy metadata and digital signatures from one Windows executable to another using Wine on a non-Windows platform.

## Requirements

- Python 3.x
- Wine
- Resource Hacker
- SigThief

## Installation

To install the necessary dependencies, run the `install.sh` script provided in this repository.

```bash
chmod +x install.sh
./install.sh
```

## Usage

After installing the required dependencies, you can run the script as follows:

```bash
python3 metatwin.py <source_file> <target_file>
```

- `<source_file>` is the path to the Windows executable file from which you want to copy the metadata and digital signature.
- `<target_file>` is the path to the Windows executable file to which you want to copy the metadata and digital signature.

Make sure that both `ResourceHacker.exe` and `sigthief.exe` are installed and accessible in your system's PATH or pyMetaTwin's working directory.

## Resources

* [Resource Hacker](https://www.angusj.com/resourcehacker/)
* [SigThief](https://github.com/secretsquirrel/SigThief)
--------------------------------------------------------------------------------
/ResourceHacker.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Cerbersec/pyMetaTwin/613e73a047cf18c8784a64d46def04fa01b716a2/ResourceHacker.exe
--------------------------------------------------------------------------------
/install.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# pyMetaTwin Dependency Installation Script

if [ "$(id -u)" -ne 0 ]; then
    echo "[!] Must be run as root"
    exit 1
fi

# Update package list
echo "[+] Updating package list"
sudo apt-get update

# Install Wine
echo "[+] Installing Wine"
sudo apt-get install -y wine

# Install Python 3 if not already installed
echo "[+] Installing Python 3"
sudo apt-get install -y python3 python3-pip

# Install python package subprocess32
# (metatwin.py itself imports only the standard-library subprocess module)
echo "[+] Installing python package subprocess32"
sudo pip3 install subprocess32

echo "[+] Installation complete"
--------------------------------------------------------------------------------
/metatwin.py:
--------------------------------------------------------------------------------
import subprocess
import sys
import os
import tempfile

def run_with_wine(executable, args):
    """Run a Windows executable under Wine; raises CalledProcessError on a non-zero exit."""
    wine_cmd = ['wine', executable] + args
    subprocess.check_call(wine_cmd)

def copy_metadata(source_file, target_file, resource_hacker_path, sigthief_path):
    # Create a temporary directory to store extracted resources
    with tempfile.TemporaryDirectory() as temp_dir:
        resource_file = os.path.join(temp_dir, 'resources.res')

        # Step 1: Use Resource Hacker to extract resource information from the source file
        extract_args = [
            '-open', source_file,
            '-save', resource_file,
            '-action', 'extract',
            '-mask', ',,,'
        ]
        run_with_wine(resource_hacker_path, extract_args)

        # Step 2: Use Resource Hacker to add/overwrite resource information to the target file
        # and save the result to a new file prefixed with res_
        res_target_file = os.path.join(os.path.dirname(target_file), 'res_' + os.path.basename(target_file))
        add_args = [
            '-open', target_file,
            '-save', res_target_file,
            '-action', 'addoverwrite',
            '-resource', resource_file,
        ]
        run_with_wine(resource_hacker_path, add_args)

        # Step 3: Use SigThief to copy the signature from the source file to the target file
        # and save the result to a new file prefixed with signed_
        signed_target_file = os.path.join(os.path.dirname(res_target_file), 'signed_' + os.path.basename(res_target_file))
        sigthief_args = [
            '-i', source_file,
            '-t', res_target_file,
            '-o', signed_target_file
        ]
        run_with_wine(sigthief_path, sigthief_args)

        print(f"Resources copied from {source_file} to {res_target_file}")
        print(f"Signature copied from {source_file} to {signed_target_file}")

if __name__ == "__main__":
    if len(sys.argv) != 3:
        print("Usage: python3 metatwin.py <source_file> <target_file>")
        sys.exit(1)

    source_file = sys.argv[1]
    target_file = sys.argv[2]

    # Paths to Resource Hacker and SigThief executables
    # (relative paths, so they are resolved against the current working directory)
    resource_hacker_path = 'ResourceHacker.exe'
    sigthief_path = 'sigthief.exe'

    # Check if the executables exist
    if not os.path.isfile(resource_hacker_path) or not os.path.isfile(sigthief_path):
        print("Resource Hacker or SigThief not found. Please ensure they are installed and in the system's PATH.")
        sys.exit(1)

    copy_metadata(source_file, target_file, resource_hacker_path, sigthief_path)

--------------------------------------------------------------------------------
/sigthief.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Cerbersec/pyMetaTwin/613e73a047cf18c8784a64d46def04fa01b716a2/sigthief.exe
--------------------------------------------------------------------------------
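
A detection-side illustration of what the README calls copying a digital signature from one executable to another (added example, not part of the pyMetaTwin repository): a certificate table moved onto a different file no longer embeds that file's Authenticode digest, so recomputing the digest and looking for it in the blob flags the mismatch. The function names are hypothetical, the sample files are constructed header skeletons with a stand-in signer, and the check assumes a SHA-1 or SHA-256 digest and searches the raw blob instead of parsing PKCS#7; a match says nothing about certificate chain validity.

```python
import hashlib
import struct

def _offsets(pe: bytes):
    """File offsets of the CheckSum field and the Security data-directory entry."""
    pe_off = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    opt = pe_off + 24                                  # optional header start
    pe32 = struct.unpack_from("<H", pe, opt)[0] == 0x10B
    return opt + 64, opt + (128 if pe32 else 144)      # directory index 4

def authenticode_digest(pe: bytes, algo: str):
    """Hash the file minus CheckSum, Security entry and certificate table."""
    checksum, secdir = _offsets(pe)
    cert_off, cert_len = struct.unpack_from("<II", pe, secdir)
    end = cert_off if cert_len else len(pe)
    h = hashlib.new(algo)
    for chunk in (pe[:checksum], pe[checksum + 4:secdir],
                  pe[secdir + 8:end], pe[end + cert_len:]):
        h.update(chunk)
    return h.digest(), pe[cert_off:cert_off + cert_len]

def signature_matches(pe: bytes):
    """None: unsigned. True: blob embeds this file's digest. False: mismatch."""
    for algo in ("sha1", "sha256"):
        digest, cert = authenticode_digest(pe, algo)
        if not cert:
            return None
        if digest in cert:
            return True
    return False

# Constructed sample data below: header-only PE skeletons, not real binaries.
def make_pe(body: bytes, cert: bytes = b"") -> bytes:
    hdr = bytearray(0x40 + 24 + 224)                   # DOS + PE/COFF + PE32 optional header
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x40 + 24, 0x10B)
    if cert:
        struct.pack_into("<II", hdr, 0x40 + 24 + 128, len(hdr) + len(body), len(cert))
    return bytes(hdr) + body + cert

if __name__ == "__main__":
    cert = b"STUB" + authenticode_digest(make_pe(b"A" * 64), "sha256")[0]  # stand-in signer
    print(signature_matches(make_pe(b"A" * 64, cert)))   # source file with its own blob
    print(signature_matches(make_pe(b"B" * 64, cert)))   # different file carrying the same blob
    print(signature_matches(make_pe(b"B" * 64)))         # no certificate table
```

On real files, confirm any mismatch with a full verifier such as `signtool verify /pa` or `osslsigncode verify`, which also validate the certificate chain.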