40Hex Issue 08 File 002

40Hex Number 8 Volume 2 Issue 4                                      File 002 

-=-=-=-=-=-=-
Eat PUTAV
by Demogorgon of PHALCON/SKISM
-=-=-=-=-=-=-


Even though pk-zip 2.0 will be out soon and all the methods in
this article will be obsolete, I decided to write about them anyway. I
am sure you are familiar with the old program called makeav, which
attempted to brute force hack pkzip registration serial numbers. Sure,
it worked, but it was quite slow. Then, Hal released the program
findav, which did the same task several thousand times faster. Dark
Angel took apart the program findav in order to make a few
modifications. Naturally, Hal included several routines in his code in
order to make it very difficult to take apart. Dark Angel captured a
memory image of findav after it loaded into memory, wrote it back to
disk as a com file, and then changed all of the offsets so that all
references to the data segment were changed to their address in the code
segment. Dark Angel made several modifications, the most important of
which was so that findav would not quit out after finding a serial
number. The new version finds every serial number, and logs them to
disk.

-=-=-=-=-=-=-
An Experiment in Distributed Processing
-=-=-=-=-=-=-

The next day, Garbageheap and I took the modified findav down to
the nearest university. We started it running on twenty 80386 systems
on their network, each working on a different segment of the 4 billion
possible serial numbers. The goal was to find every serial number that
worked for McAfee Associates, so that we could then determine which one
was the one he uses. When an authenticity verified pkzip file is
extracted, pkunzip generates a 3 letter, 3 number validation string that
is dependent on the serial number used to validate it. A single
registration name has millions of valid serial numbers, but each of
these serial numbers has one unique validation string.

For example:

PKUNZIP (R) FAST! Extract Utility Version 1.1 03-15-90
Copr. 1989-1990 PKWARE Inc. All Rights Reserved. PKUNZIP/h for help
PKUNZIP Reg. U.S. Pat. and Tm. Off.

Searching ZIP: EARLOBE.ZIP
Exploding: NUL -AV

Authentic files Verified! # ATU314 Zip Source: McAFEE ASSOCIATES
                            ^^^^^^

PKUNZIP (R) FAST! Extract Utility Version 1.1 03-15-90
Copr. 1989-1990 PKWARE Inc. All Rights Reserved. PKUNZIP/h for help
PKUNZIP Reg. U.S. Pat. and Tm. Off.

Searching ZIP: EARLOBE.ZIP
Exploding: NUL -AV

Authentic files Verified! # SXQ414 Zip Source: McAFEE ASSOCIATES
                            ^^^^^^

Therefore, the task was to find which of the serial numbers we had
found for McAfee produces the validation string "NWN405". To do this,
we ran every serial number through a program called checkav which Dark
Angel wrote to determine what validation number corresponds to which
serial number. Of course, a task like this would be nearly impossible
on your machine at home, but thanks to my local university, we were able
to use twenty machines at once.


-=-=-=-=-=-=-
Yet Another Way To Eat PUTAV
-=-=-=-=-=-=-
Because there is never only one way to do something, I decided to
put in another way to get whatever validation string you want out of
pkzip. All you need to do is include some ^H characters in your
registration name to backspace over the validation string and create a
new one. Naturally, you cannot enter ^H characters when you run
putav, so you enter the correct number of some other character, go
into memory with td, and change them to 08h, the ^H character. That
way, when pkunzip runs and gives you a validation string, it will
backspace over it and show your own. For example:

>>>>> PUTAV.EXE

PUTAV - Put Authenticity Verification in PKZIP.EXE
Copyright 1990 PKWARE, Inc. All rights reserved.

Enter company name exactly as it appears on the PKWARE documentation.
Company Name : ^A^A^A^A^A^A^A^A^A^A^A# BOB666 Earlobe industries
Enter serial number exactly as it appears on the PKWARE documentation.
Serial Number: 23453244

>>>>>

After typing earlobe industries and hitting return, break into
turbo debug and change the ^A's (01) to ^H's (08). Remember to put in
11 backspaces. You can use the same method to find the serial number for
your string with findav.
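
The reason this works is that the viewer's terminal interprets 08h in an
attacker-controlled field instead of displaying it. The following is an added
example, not code from the original article: it shows a line both as a terminal
would render it and with control bytes made visible, and flags any field that
contains them. The sample line and its spacing are constructed, since the exact
layout of pkunzip's output is not recoverable from this page.

```python
# Added example; all sample bytes below are constructed for illustration.
BS, CR, DEL = 0x08, 0x0D, 0x7F


def is_control(b: int) -> bool:
    """True for C0 control bytes and DEL, none of which belong in a name."""
    return b < 0x20 or b == DEL


def rendered(raw: bytes) -> str:
    """Simulate one terminal line: BS and CR move the cursor, printable
    bytes overwrite whatever was already in that column."""
    cells, col = [], 0
    for b in raw:
        if b == BS:
            col = max(col - 1, 0)
        elif b == CR:
            col = 0
        elif not is_control(b):
            if col < len(cells):
                cells[col] = chr(b)
            else:
                cells.append(chr(b))
            col += 1
    return "".join(cells)


def visible(raw: bytes) -> str:
    """Escape control bytes in caret notation (08h -> ^H) so none are hidden."""
    return "".join(f"^{chr(b ^ 0x40)}" if is_control(b) else chr(b) for b in raw)


def is_suspicious(raw: bytes) -> bool:
    """A displayed name that carries control bytes should never be trusted."""
    return any(is_control(b) for b in raw)


# Constructed layout: a tool prints a fixed prefix, then the stored name.
GENUINE_PREFIX = b"Verified! # AAA111 Source: "
OVERWRITTEN = b"# AAA111 Source: "  # the part the name backs up over
STORED_NAME = bytes([BS]) * len(OVERWRITTEN) + b"# ZZZ999 Source: Constructed Co"
SAMPLE = GENUINE_PREFIX + STORED_NAME

if __name__ == "__main__":
    print("terminal shows:", rendered(SAMPLE))
    print("actual bytes  :", visible(SAMPLE))
    print("suspicious    :", is_suspicious(SAMPLE))
```

Piping tool output through a hex dump or `cat -v` gives the same visibility
without any code.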

The only useful application of all this is to duplicate an existing
pkzip registration. You could do that before, but now you can do it
better. Changing the validation string only really makes a difference
if you are trying to duplicate an archive that is known to have a certain
one, like McAfee's.

+++++