McAfee's VALIDATE.COM


Distributed with numerous programs including McAfee's virusscan suite and Patricia Hoffman's VSUM was a program by the name of Validate, written by Dennis Yelle. It was written to provide a checksum to verify a file's authenticity.

The last version (as a .COM anyway) that I know of was 0.3. Strangely, it was written to delete itself if run after June 30th 2000. This doesn't help if you're trying to verify an oldschool ware dragged out of the archives. This isn't the only strange thing about Validate. Visible within the binary are the strings "Please enter the password now:" and "Access Denied".

The "Access Denied" string is printed prior to Validate deleting itself, I'm not sure what purpose the password prompt serves however. There is code to print the prompt and accept input within the program, but I'm not sure that it ever gets executed. I had a quick hack at it, and after entering the password correctly it jumps to an invalid addresss.

The password prompt was noticed by others at the time including the virus group Phalcon/Skism who printed a disasm in 40hex issue #3. It was titled "the first 40hex challange" to discover what the password prompt is all about. As far as I remember nothing was printed regarding it in later 40hex issues.

Today, I decided to see if I could write a win32 app in asm and ended up writing a crackpatch for Validate 0.3.

Patch: V03PATCH.ZIP    Validate 0.3: VALIDATE.ZIP

The patch will stop Validate deleting itself and bypass the DOS version check. Validate will now work as it did in the days of old.

Metabolis
nofrills@insomnia.org

Main Page