Distributed with numerous programs including McAfee's virusscan suite and Patricia Hoffman's VSUM was a program by the name
of Validate, written by Dennis Yelle. It was written to provide a checksum to verify a file's authenticity.
The last version (as a .COM anyway) that I know of was 0.3. Strangely, it was written to delete itself if run after June
30th 2000. This
doesn't help if you're trying to verify an oldschool ware dragged out of the archives. This isn't the only strange thing
about Validate. Visible within the binary are the strings "Please enter the password now:" and "Access Denied".
The "Access Denied" string is printed prior to Validate deleting itself,
I'm not sure what purpose the password prompt serves however. There is code to print the prompt and accept input within the
program, but I'm not sure that it ever gets executed. I had a quick hack at it, and after entering the password correctly
it jumps to an invalid addresss.
The password prompt was noticed by others at the time including the virus group Phalcon/Skism who printed a disasm in 40hex
issue #3. It was titled "the first 40hex challange" to discover what the password prompt is all about. As far as I
remember nothing was printed regarding it in later 40hex issues.
Today, I decided to see if I could write a win32 app in asm and ended up writing a crackpatch for Validate 0.3.
Patch: V03PATCH.ZIP Validate 0.3: VALIDATE.ZIP
The patch will stop Validate deleting itself and bypass the DOS version check. Validate will now work as it did in
the days of old.
Metabolis
nofrills@insomnia.org
