Full Disclosure: Re: Launched New Tool - RAR Password Unlocker

[Tim <tim-security () sentinelchicken org>]

> > why do we need installer then? distribute that tool as single 
> > executable.
> Because without the installer, it can't try to "monetize" the install by installing search toolbars! (It's nice 
> enough to continue the install if you reject their terms, though.)
>
>
> On 2011-03-29, at 13:13, Jo Galara wrote:
> > How does it work? Bruteforce?
> Yes, but... well, JAD does a better job of explaining than I possibly could:
>
> >      Runtime rt = Runtime.getRuntime();
> >
> >      String str = "7z.exe x ";
> >      str = str + "\"" + _filepath + "\" ";
> >      str = str + "-p\"" + pwd + "\" ";
> >      str = str + "-o\"" + _destpath + "\"";
> >      str = str + " -y";
> >
> >      System.out.println(str);
> >
> >      Process p = rt.exec(str);
> >      p.waitFor();
> >
> >      if (p.exitValue() == 0)
> >      {
> >        ret = true;
> >      }

That's funny (i.e. pathetic).

A quick search of the tool's website doesn't reveal any links to the
7-zip website.  I'm not going to bother to download this tool, since a
1-line shell script would accomplish the same thing, but if 7-zip
isn't linked to in the accompanying documentation, then that would be
a violation of the LGPL.  From 7-zip's FAQ:

  Can I use the EXE or DLL files from 7-Zip in a Commercial Application?

  Yes, but you are required to specify in your documentation (1) that
  you used parts of the 7-Zip program, (2) that 7-Zip is licensed under
  the GNU LGPL license and (3) you must give a link to www.7-zip.org,
  where the source code can be found.


tim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/