| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 31 Mar 2011 00:12:58 +0530
From: Nagareshwar Talekar <tnagareshwar@...il.com>
To: Tim <tim-security@...tinelchicken.org>
Cc: Full Disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Launched New Tool - RAR Password Unlocker
Hey Guys,
That's interesting reversing work and we appreciate your comments on the same.
This tool is from one of our contributing author, Neeraj
(appnimi.com). He is new into this tool development and protocols
where we acknowledge other's contribution in our work.
I have now talked to author and he will be introducing ACK section for
the same. Soon we will update on our pages too.
Generally we give complete credit to other's work however small it may be !
Thank you !
With Regards
Nagareshwar Talekar
http://SecurityXploded.com
http://PasswordForensics.com/
http://NetCertScanner.com
http://twitter.com/securityxploded
On Wed, Mar 30, 2011 at 8:29 PM, Tim <tim-security@...tinelchicken.org> wrote:
>> > why do we need installer then? distribute that tool as single
>> > executable.
>>
>> Because without the installer, it can't try to "monetize" the install by installing search toolbars! (It's nice enough to continue the install if you reject their terms, though.)
>>
>>
>> On 2011-03-29, at 13:13, Jo Galara wrote:
>> > How does it work? Bruteforce?
>>
>> Yes, but... well, JAD does a better job of explaining than I possibly could:
>>
>> > Runtime rt = Runtime.getRuntime();
>> >
>> > String str = "7z.exe x ";
>> > str = str + "\"" + _filepath + "\" ";
>> > str = str + "-p\"" + pwd + "\" ";
>> > str = str + "-o\"" + _destpath + "\"";
>> > str = str + " -y";
>> >
>> > System.out.println(str);
>> >
>> > Process p = rt.exec(str);
>> > p.waitFor();
>> >
>> > if (p.exitValue() == 0)
>> > {
>> > ret = true;
>> > }
>
>
> That's funny (i.e. pathetic).
>
> A quick search of the tool's website doesn't reveal any links to the
> 7-zip website. I'm not going to bother to download this tool, since a
> 1-line shell script would accomplish the same thing, but if 7-zip
> isn't linked to in the accompanying documentation, then that would be
> a violation of the LGPL. From 7-zip's FAQ:
>
> Can I use the EXE or DLL files from 7-Zip in a Commercial Application?
>
> Yes, but you are required to specify in your documentation (1) that
> you used parts of the 7-Zip program, (2) that 7-Zip is licensed under
> the GNU LGPL license and (3) you must give a link to www.7-zip.org,
> where the source code can be found.
>
>
> tim
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
--
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists