well, I'm sure that who follows this forum or my activity (and is a gamer) knows better than me that my source code sometimes gets copied by oher "nice" people without crediting me or following my license (GPL if applied).
cases like my proof-of-concepts sold by some idiots and other idiots who buy something already public are not rare.
anyway this time I want to show something not ugly like that level but socially interesting:
a person who continues to deny the evidence although I catched him in fault and at the same time tries to cover what he did.
in short yesterday I was surfing on the web and casually found a website containing some password recoveries and some names immediately captured my attention:
http://www.itsamples.com/software.htmlso I decided to take a look at those having the source code available and wasn't much a surprise to recognize my coding style there (yeah mine is almost like a signature) and at the same time no traces of my name in some angle (a "thanx to" or an "original code by" or a small link, practically the minimum for a similar copy).
no problem because I don't care much anyway I was really curious to know what the author would have said if I asked him an explanation (social experiment?) and so I sent him this mail:
Code:
From: Luigi Auriemma <aluigi@autistici.org>
To: info@itsamples.com
Subject: source code
Date: Wed, 2 Feb 2011 00:05:51 +0000
X-Mailer:
Hey Igor,
I have noticed that all the source code you have in your password
recovery section derives by mine.
I'm happy that you like my work but don't you think that I deserve to be
credited for the 1:1 copy you did of it?
then gpl is a license that requires to release derived works under the
same or other compatible licenses and your license is not compatible.
and I received the following reply:
Code:
From: Igor Tolmachev <support@itsamples.com>
To: Luigi Auriemma <aluigi@autistici.org>
Reply-To: Igor Tolmachev <support@itsamples.com>
Subject: Re: source code
Date: Wed, 2 Feb 2011 08:53:11 +0200
Organization: ITSamples.Com
Hello Luigi,
First, thanks for visiting my site.
Yes, I know about your site and I've got a few ideas from there.
Other hand, please take a look at the The Bat password recovery, that you released at 06.06.2010 (taken from thebatdec.c date).
I have developed The Bat password recovery at November 1, 2009:
http://www.itsamples.com/the-bat-password-recovery.html
So, your code of The Bat password recovery is derived from mine :)))
It sounds like this, but (I hope) it is not.
Yes, I've got a few 'magic' numbers for Pocomail and Trillian recovery utilities, but not the full source code. These utilities was requested by good friend of mine as a student diploma (Windows security) practice. Sorry, I helped him.
Despite the code of the 2 above utilities is vastly different (c->c++), I can insert required references (or license) here to your site, just let me know.
Thanks.
Igor.
interesting the fact that this person first starts with an accusation instead of an excuse, then talks only about "ideas" took from my website and then he says that only 2 of the tools are "minimally" related to mine (magic numbers, so practically nothing).
so let's go with my reply:
Code:
From: Luigi Auriemma <aluigi@autistici.org>
To: Igor Tolmachev <support@itsamples.com>
Subject: Re: source code
Date: Wed, 2 Feb 2011 10:26:39 +0000
X-Mailer:
> Yes, I've got a few 'magic' numbers for Pocomail and Trillian recovery
> utilities, but not the full source code.
ah ah ah, "magic numbers"?
they are a 1:1 copy of my code and it covers also the others tools for
becky, total commander and rdp where you even copied the part that was
intended for battlefield 2 passwords and so unrelated to rdp.
> I can insert required references (or license) here to your site
writing that the code is derived from mine would be enough logical, don't
you think the same?
but the reply I received was really unexpected and completely senseless:
Code:
From: Igor Tolmachev <support@itsamples.com>
To: Luigi Auriemma <aluigi@autistici.org>
Reply-To: Igor Tolmachev <support@itsamples.com>
Subject: Re: source code
Date: Wed, 2 Feb 2011 14:26:27 +0200
Organization: ITSamples.Com
Hello Luigi,
Wednesday, February 2, 2011, 12:26:39 PM, you wrote:
>> Yes, I've got a few 'magic' numbers for Pocomail and Trillian recovery
>> utilities, but not the full source code.
> ah ah ah, "magic numbers"?
> they are a 1:1 copy of my code and it covers also the others tools for
> becky, total commander and rdp where you even copied the part that was
> intended for battlefield 2 passwords and so unrelated to rdp.
Sorry, are you kidding about RDP?
Well, go to Google and search for a 'RDP password recovery', you'll find hundreds links with 1:1 code like yours.
Skipped.
The part of code for Total Commander was taken from the ru-board.com Delphi section (in Pascal). Probably, that code was derived from yours. I did not compare.
Skipped.
Regarding Becky! Yes, the Base64Decode shape was taken from your site. But, is this procedure so secret? Good implementation, but nothing more.
Skipped.
>> I can insert required references (or license) here to your site
> writing that the code is derived from mine would be enough logical, don't you think the same?
As I said before, I can insert any license text you want or just remove sources of the 2 utilities: Pocomail and Trillian.
Thanks.
but it's not finished here because "exactly as I expected" this "nice person" has immediately put the hands on "his" code trying to eliminate the points that were blindly copied from mine, for example like the "x9392" string that is used in Battlefield 2 but unluckily for him yesterday I made a backup of his source code :)
you can find it attached to this post so have fun doing the comparisons with his new code and the one made by me on my website:
http://aluigi.org/pwdrec/beckypwd.ziphttp://aluigi.org/pwdrec/pocopwd.ziphttp://aluigi.org/pwdrec/cunprot.ziphttp://aluigi.org/pwdrec/tcdec.ziphttp://aluigi.org/pwdrec/trillianpwd.zipand don't worry you don't need to be a programmer to notice the same "hand" because the style is just the same because porting it from C to C++ and changing the name of the variables is not enough to remove them.
what I want to highlight is that the credits or the license are absolutely not a problem but it's a shame that after I have found him and I showed him that the copy he did was sure at 100% he has not even excused himself and instead has tried to say that he was the good one... really senseless like the politicians in our countries (who said Italy?!?! ih ih ih).
if someone has doubts I'm here.
and if someone wants to report other nice people feel free to do it, even anonymously, just for curiosity and maybe statistics :)
