Removing a code signature

Remove a code signature by copying the unsigned part of a file to a new file.

Before you begin

Check that the file is actually signed before performing these steps, see Verifying a code signature. Otherwise, the original file contents will be corrupted.

Procedure

  1. The following commands copy the unsigned part of a file to a new file:
    Define the file you want to remove the signature from as a local variable:
    $ FILE="<file>"
  2. Calculate the length, L, of the signature:
    $ L=$(( $(tail -c 32 "$FILE" | hexdump -n 4 -ve '"0x%x"') ))
  3. Calculate the size of the file, for example with the stat command:
    $ F=$(stat -c%s "$FILE")
  4. Write the beginning of the file up to the signature to a new file, here called $FILE.orig:
    $ head -c $(( F-L-40 )) "$FILE" >"$FILE".orig