Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Launched New Tool - RAR Password Unlocker
From: Tim <tim-security () sentinelchicken org>
Date: Wed, 30 Mar 2011 07:59:11 -0700

why do we need installer then? distribute that tool as single 

Because without the installer, it can't try to "monetize" the install by installing search toolbars! (It's nice 
enough to continue the install if you reject their terms, though.)

On 2011-03-29, at 13:13, Jo Galara wrote:
How does it work? Bruteforce?

Yes, but... well, JAD does a better job of explaining than I possibly could:

     Runtime rt = Runtime.getRuntime();

     String str = "7z.exe x ";
     str = str + "\"" + _filepath + "\" ";
     str = str + "-p\"" + pwd + "\" ";
     str = str + "-o\"" + _destpath + "\"";
     str = str + " -y";


     Process p = rt.exec(str);

     if (p.exitValue() == 0)
       ret = true;

That's funny (i.e. pathetic).

A quick search of the tool's website doesn't reveal any links to the
7-zip website.  I'm not going to bother to download this tool, since a
1-line shell script would accomplish the same thing, but if 7-zip
isn't linked to in the accompanying documentation, then that would be
a violation of the LGPL.  From 7-zip's FAQ:

  Can I use the EXE or DLL files from 7-Zip in a Commercial Application?

  Yes, but you are required to specify in your documentation (1) that
  you used parts of the 7-Zip program, (2) that 7-Zip is licensed under
  the GNU LGPL license and (3) you must give a link to www.7-zip.org,
  where the source code can be found.


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]