lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20110330145911.GW12726@sentinelchicken.org>
Date: Wed, 30 Mar 2011 07:59:11 -0700
From: Tim <tim-security@...tinelchicken.org>
To: Andrew Farmer <andfarm@...il.com>
Cc: Full Disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Launched New Tool - RAR Password Unlocker

> > why do we need installer then? distribute that tool as single 
> > executable.
> 
> Because without the installer, it can't try to "monetize" the install by installing search toolbars! (It's nice enough to continue the install if you reject their terms, though.)
> 
> 
> On 2011-03-29, at 13:13, Jo Galara wrote:
> > How does it work? Bruteforce?
> 
> Yes, but... well, JAD does a better job of explaining than I possibly could:
> 
> >      Runtime rt = Runtime.getRuntime();
> > 
> >      String str = "7z.exe x ";
> >      str = str + "\"" + _filepath + "\" ";
> >      str = str + "-p\"" + pwd + "\" ";
> >      str = str + "-o\"" + _destpath + "\"";
> >      str = str + " -y";
> > 
> >      System.out.println(str);
> > 
> >      Process p = rt.exec(str);
> >      p.waitFor();
> > 
> >      if (p.exitValue() == 0)
> >      {
> >        ret = true;
> >      }


That's funny (i.e. pathetic).

A quick search of the tool's website doesn't reveal any links to the
7-zip website.  I'm not going to bother to download this tool, since a
1-line shell script would accomplish the same thing, but if 7-zip
isn't linked to in the accompanying documentation, then that would be
a violation of the LGPL.  From 7-zip's FAQ:

  Can I use the EXE or DLL files from 7-Zip in a Commercial Application?

  Yes, but you are required to specify in your documentation (1) that
  you used parts of the 7-Zip program, (2) that 7-Zip is licensed under
  the GNU LGPL license and (3) you must give a link to www.7-zip.org,
  where the source code can be found.


tim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ