GPL violation in Netopsystems FEAD Optimizer/Recomposer used by Adobe Reader Install package
Kristian Hermansen
khermansen at ht-technology.com
Tue Jan 24 19:36:46 CET 2006
This thread is very interesting. If you really want to find out if the
code is stolen, tell the UPX author to perform a binary comparison with
Halvar Flake's BinDiff product.

http://www.sabre-security.com/products/bindiff.html

This plugin for DataRescue's IDA Pro disassembler/debugger can detect
stolen code very easily. Halvar was a great help in determining that the
CherryOS product contained thousands of "identical or only slightly
modified" functions from the PearPC project. Using graphical binary
differencing, he was able to confirm that CherryOS was actually just a
complete rip-off of PearPC.

And for the record, it seems that there is not much you can do to fool
the binary differencing algorithm he uses (within reason). Basically,
just removing strings will not make it "more undetectable" using this
graph analysis approach. I suggest you guys check it out for any
projects in the future which may want to verify stolen code, GPL or not.

Halvar has, at least to me, said that he may offer a discount on the
BinDiff product to people who do this type of research. I would send
him an email and let him know your situation. He may offer to give you
a significant price drop as long as you plan to do some writeup on your
findings with BinDiff and submit them back to him. Give it a try...
--
Kristian Hermansen
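
The point in the message above about graph-based comparison surviving string removal, as an added illustration (not part of the original message, and a simplified sketch rather than BinDiff's actual algorithm): each function is fingerprinted only by control-flow-graph shape and call count, so stripped symbols and deleted strings do not change the match. Both sample programs, their function names and their graphs are constructed.

```python
from collections import Counter

def signature(func):
    """Structural fingerprint of one function: CFG shape and call count only."""
    cfg = func["cfg"]  # block id -> list of successor block ids
    edges = sum(len(succs) for succs in cfg.values())
    # Sorted (in-degree, out-degree) pairs do not depend on block numbering.
    indeg = Counter(dst for succs in cfg.values() for dst in succs)
    shape = tuple(sorted((indeg[b], len(cfg[b])) for b in cfg))
    return (len(cfg), edges, func["calls"], shape)

def match_functions(binary_a, binary_b):
    """Pair functions whose signature is unique within both binaries."""
    def unique_index(binary):
        sigs = {name: signature(f) for name, f in binary.items()}
        counts = Counter(sigs.values())
        # Ambiguous signatures are dropped rather than guessed at.
        return {s: n for n, s in sigs.items() if counts[s] == 1}
    ia, ib = unique_index(binary_a), unique_index(binary_b)
    return {ia[s]: ib[s] for s in ia.keys() & ib.keys()}

def similarity(binary_a, binary_b):
    """Fraction of binary_a's functions with a structural match in binary_b."""
    return len(match_functions(binary_a, binary_b)) / len(binary_a)

# Constructed sample: reference program with names and strings intact.
ORIGINAL = {
    "decompress": {"cfg": {0: [1, 2], 1: [3], 2: [3], 3: [0, 4], 4: []},
                   "calls": 2, "strings": ["bad header"]},
    "checksum":   {"cfg": {0: [1], 1: [1, 2], 2: []}, "calls": 0, "strings": []},
    "usage":      {"cfg": {0: []}, "calls": 1, "strings": ["usage: tool FILE"]},
}
# Constructed sample: symbols stripped, strings removed, blocks renumbered,
# and one unrelated function added.
SUSPECT = {
    "sub_401000": {"cfg": {10: [12, 11], 11: [13], 12: [13], 13: [14, 10], 14: []},
                   "calls": 2, "strings": []},
    "sub_401200": {"cfg": {7: [8], 8: [9, 8], 9: []}, "calls": 0, "strings": []},
    "sub_401300": {"cfg": {0: [1], 1: []}, "calls": 3, "strings": ["license check"]},
}

if __name__ == "__main__":
    for a, b in sorted(match_functions(ORIGINAL, SUSPECT).items()):
        print(f"{a:12s} -> {b}")
    print(f"matched {similarity(ORIGINAL, SUSPECT):.0%} of original functions")
```

The "strings" field is carried in the sample data but never read by signature(), which is why removing strings leaves the result unchanged.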