Wednesday, June 3, 2020

Statement on fraudulent DMCA complaints

It came to my attention that someone pretending to be me is sending DMCA takedown requests for several GitHub repositories, claiming the repositories are infringing on my copyright for mfg_dat_decode, also known as 802.1x Credential Extraction Tool

I hereby affirm that as a copyright holder for the abovementioned tool, I have never sent DMCA takedown requests for any GitHub repositories.

I do authorize the distribution and use of mfg_dat_decode in its binary unmodified form in any open source projects for non-commercial purposes. Any commercial use, including use in any legal proceedings requires explicit license. Decompiling, disassembling or any other reverse engineering or modification of this tool for any commercial use is strictly prohibited.

6 comments:

  1. Thank you Sergey, god bless you, a true Hero to this community - Tom.

    ReplyDelete
  2. Any comment why the decoder comes up as a Trojan from https://github.com/iwleonards/extract-mfg ? It has a very high hit rate on VirusTotal.

    ReplyDelete
    Replies
    1. Many anti-virus and anti-malware products don't do a good job with Golang binaries or even UPX-compressed binaries - many tag them as suspicious or malicious right away without doing any kind of analysis. Large software developers have time and resources to submit their products to various whitelists. Smaller, especially not-for-profit developers usually don't.
      It is best practice to not trust anything you download from Internet, regardless of antivirus analysis. My tool does not have any malware, but to be safe you could always run it in an isolated virtual machine or container. Windows 10 comes with a great feature called Sandbox - it is a natural fit for running suspicious applications without risking exposing the whole machine.

      Delete
  3. Hello, thank you for creating this tool. I am running the mfg_dat_decode in the folder with my arris root certs, the mfg.dat file and the wpa_supplicant file. After the decoder runs I get the EAP-TLS file in the folder, however I can not view the contents of said folder nor can I find the wpa_supplicant.confg file. Any help would be appreciated. Thank you!!

    ReplyDelete
    Replies
    1. It is a tar.gz file. It s designed to be used in linux-like OS, but you could open it with 7-Zip in Windows.

      Delete

Making work with eMMC interposer slightly more convenient

In one of the previous posts I have described eMMC interposer and how it can help with modifications of the device firmware without having t...