A tool for modifying the hash of signed driver files (sys, exe, dll) without breaking certificate validation by padding the WIN_CERTIFICATE structure with random bytes. This tool can be used against EDR/AV solutions that block vulnerable drivers based on hash.
SysFlip <input_file> <output_file>
Example:
SysFlip rtkio.sys rtkio_modified.sys
Embeds random data into the certificate table of authenticode signed PE files. Since certain PE fields are excluded from hash calculation during signing, the file hash changes while the signature remains valid.
make
Based on SigFlip by med0x2e