VMware Cloud Community
lurrenz
Contributor

VMware-converter-all-4.3.0-292238.exe

I found this version of VMware Converter 4.3.0 in different places on the internet, which I need to do a P2V conversion of a very old RedHat box.

I also found these:

MD5: 222485c4eb94767378d76237245349cf

SHA1: 173e03fa689155ead54cad7f0c7acc5e363670ed

How can I be sure both file and hashes haven't been tampered with?

VMware graciously removed from their site a tool I need to process that box.

Any help would be greatly appreciated.

LZ

6 Replies
a_p_
Leadership

The checksums match the ones for the converter .exe file that I have in my archive.

One more detail: The file is digitally signed by VMware (08/24/2010)

André

lurrenz
Contributor

How can I check my copy is actually signed by VMware and trust it?

I just tried with Sigcheck v2.60 from www.sysinternals.com.

It looks ok, but how can I be sure?
LZ

a_p_
Leadership

No 3rd party tools required, simply right-click the executable and select "Properties". There you'll find a tab "Digital Signatures".


André

lurrenz
Contributor

I don't want to look paranoid, but how can I be reasonably sure that even the certificates showing up in the Properties tab haven't been tampered with?

If you open the file with 7-zip by right clicking on it, you find a large payload, some resource folders and a CERTIFICATE file.
I assume the executable runs some integrity check against that certificate, but since I am not so knowledgeable about these things, I can only make assumptions.
Did VMware publish an MD5 hash when they had this file on their website?

Thank you again for your precious help.

a_p_
Leadership

VMware provides hashes with most of their binaries, so I assume that it was the case with this file too.

However, it's been a long time since the file was released, and I don't remember whether it was the case.

Anyway, with two different hashes being what they are supposed to be, and a "valid" digital signature, it's highly unlikely that the file has been compromised. The modification of just a single bit would result in different hashes, and would also show the digital signature as being invalid (when you click on the "Details" button in the file's properties).


André

POCEH
VMware Employee

Probably the file is compromised. Who will want to change some bit(s) of the installation?

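The two checks discussed in this thread (compare both hashes, then validate the digital signature) can be scripted as below. This is an added PowerShell example, not code from any poster or from VMware; the default file path is an assumed location, and the reference hashes are the ones quoted in the first post.

```powershell
# Added example. Verifies a downloaded installer against reference hashes
# and reports its Authenticode signature state.
param(
    # Assumed location of the downloaded file; pass -Path to override.
    [string]$Path = '.\VMware-converter-all-4.3.0-292238.exe'
)

# Reference values as quoted in the first post of the thread.
$expected = @{
    MD5  = '222485c4eb94767378d76237245349cf'
    SHA1 = '173e03fa689155ead54cad7f0c7acc5e363670ed'
}

function Get-HashReport {
    param([string]$File, [hashtable]$Reference)
    foreach ($alg in $Reference.Keys) {
        $actual = (Get-FileHash -LiteralPath $File -Algorithm $alg).Hash
        [pscustomobject]@{
            Check    = $alg
            Actual   = $actual.ToLower()
            Expected = $Reference[$alg]
            # String -eq is case-insensitive, so upper/lower hex both match.
            Pass     = ($actual -eq $Reference[$alg])
        }
    }
}

function Get-SignatureReport {
    param([string]$File)
    $sig = Get-AuthenticodeSignature -LiteralPath $File
    # Status is 'Valid' only when the signed digest matches the file contents
    # and the signer's chain builds to a root this machine trusts.
    [pscustomobject]@{
        Check    = 'Authenticode'
        Actual   = '{0} | signer: {1} | thumbprint: {2} | timestamped by: {3}' -f `
                   $sig.Status, $sig.SignerCertificate.Subject,
                   $sig.SignerCertificate.Thumbprint,
                   $sig.TimeStamperCertificate.Subject
        Expected = 'Valid'
        Pass     = ($sig.Status -eq 'Valid')
    }
}

$report = @(Get-HashReport -File $Path -Reference $expected) +
          (Get-SignatureReport -File $Path)
$report | Format-List
if ($report.Pass -contains $false) { Write-Error 'At least one check failed.'; exit 1 }
```

The hash rows only show that the file is the same one the reference values describe; the signature row is the check that does not depend on where the hashes came from, because the signer's chain is validated against the local trusted root store rather than against anything stored next to the download.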