
Ekush OS - stolen source code/copyright violation

How did it start?

One day we (the ReactOS developers) stumbled upon a website where someone claimed to be writing a Windows NT clone: http://www.akshor.com.
After looking at the screenshots of their boot manager (Todo: put links to images here), some of us suspected them of having used our FreeLdr bootloader.

And then?

Around 2004-11-09 Ekush released binaries of "their" first version, which looked very much like ReactOS. Ge van Geldorp (a ReactOS developer, aka GvG) then uncovered what Ekush was trying to hide: the strings in their ntoskrnl.exe made it clear that this was indeed (at least based on) ReactOS.

$ strings -a ntoskrnl.exe | grep Ros
CcRosInternalFreeCacheSegment failed, status = %x
CcRosUnmapCacheSegment failed, status = %x
CCRosUnmapCacheSegment failed, status = %x
CcRosInitializeFileCache
CcRosReleaseFileCache
KeRosDumpStackFrames
KeRosPrintAddress

$ strings -a ver.dll | grep ReactOS
OS2 Images not supported under ReactOS at this time.

Original Email: http://reactos.com:8080/archives/public/ros-dev/2004-November/000513.html

Shortly after this mail was sent (2004-11-09) the Ekush site went down for "maintainance".
On 2004-11-10 the Ekush website was back up with a modified set of binaries, which GvG checked again. He found that all the strings he had reported in his first email were gone (except CcRosInitializeFileCache and CcRosReleaseFileCache from ntoskrnl.exe).

Original Email: http://reactos.com:8080/archives/public/ros-dev/2004-November/000528.html
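
The release-to-release check described above can be scripted. The following is an added example, not code from the ReactOS developers: it extracts printable strings the way `strings -a` does, looks for the identifiers GvG reported, and compares two releases. It goes slightly beyond the page by also scanning UTF-16LE strings, which a scrub of ASCII strings can miss. The two sample blobs are constructed from the strings quoted on this page; they are not the real binaries.

```python
import re

# Identifiers GvG reported from the first ntoskrnl.exe (copied from the page).
MARKERS = [
    "CcRosInternalFreeCacheSegment", "CcRosUnmapCacheSegment",
    "CCRosUnmapCacheSegment", "CcRosInitializeFileCache",
    "CcRosReleaseFileCache", "KeRosDumpStackFrames", "KeRosPrintAddress",
]

ASCII_RUN = re.compile(rb"[\x20-\x7e]{4,}")          # like `strings -a`
WIDE_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")   # UTF-16LE, like `strings -e l`

def extract_strings(blob):
    """Printable runs of 4+ characters, in ASCII and UTF-16LE encodings."""
    found = [m.group().decode("ascii") for m in ASCII_RUN.finditer(blob)]
    found += [m.group().decode("utf-16-le") for m in WIDE_RUN.finditer(blob)]
    return found

def markers_present(blob, markers=MARKERS):
    """Markers that occur inside any extracted string, in marker order."""
    strings = extract_strings(blob)
    return [m for m in markers if any(m in s for s in strings)]

def compare_releases(first, second, markers=MARKERS):
    """Which markers were scrubbed between two releases and which survived."""
    before = markers_present(first, markers)
    after = markers_present(second, markers)
    return {"scrubbed": [m for m in before if m not in after],
            "remaining": after}

def _blob(strings):
    # Constructed stand-in for a binary: NUL-terminated strings between junk bytes.
    return b"\x01\x02".join([b"MZ\x90\x00"] + [s.encode("ascii") + b"\x00" for s in strings])

# Constructed samples that mirror what the page reports for each release.
FIRST_RELEASE = _blob([
    "CcRosInternalFreeCacheSegment failed, status = %x",
    "CcRosUnmapCacheSegment failed, status = %x",
    "CCRosUnmapCacheSegment failed, status = %x",
    "CcRosInitializeFileCache", "CcRosReleaseFileCache",
    "KeRosDumpStackFrames", "KeRosPrintAddress",
])
SECOND_RELEASE = _blob(["CcRosInitializeFileCache", "CcRosReleaseFileCache"])

if __name__ == "__main__":
    print(compare_releases(FIRST_RELEASE, SECOND_RELEASE))
```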

I suspect that they have also violated Microsoft's copyright by using their floppy driver and replacing the string "Microsoft" with "Lianasoft" (both happen to have the same number of characters, which means it is easy to edit a binary file and replace "Microsoft" with "Lianasoft").
Once this is approved we will not hesitate to inform Microsoft.
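
A same-length replacement leaves every other byte of the file in place, so it shows up cleanly when the suspect file is compared with a reference copy. The following is an added example, not code from the original page; it assumes a reference copy of the binary is available, and the two sample blobs are constructed, not real driver contents. Because "Micro" and "Liana" share the letter "i", a raw byte diff reports scattered fragments, so each difference is widened to the whole printable string around it.

```python
PRINTABLE = range(0x20, 0x7F)

def enclosing_string(data, pos):
    """Expand pos to the run of printable ASCII bytes that contains it."""
    start = end = pos
    while start > 0 and data[start - 1] in PRINTABLE:
        start -= 1
    while end < len(data) and data[end] in PRINTABLE:
        end += 1
    return start, end

def same_length_patches(reference, suspect):
    """Return [(offset, reference_bytes, suspect_bytes)] for each patched region."""
    if len(reference) != len(suspect):
        raise ValueError("sizes differ: not an in-place, same-length patch")
    patches, i, floor = [], 0, 0
    while i < len(reference):
        if reference[i] == suspect[i]:
            i += 1
            continue
        # Widen the differing byte to the full string in either file.
        r0, r1 = enclosing_string(reference, i)
        s0, s1 = enclosing_string(suspect, i)
        start = max(min(r0, s0), floor)      # never overlap the previous region
        end = max(r1, s1, i + 1)             # always cover the differing byte
        patches.append((start, reference[start:end], suspect[start:end]))
        i = floor = end
    return patches

# Constructed sample data (not taken from any real driver).
REFERENCE = (b"MZ\x90\x00" + b"\x00" * 4 +
             b"Copyright (c) Microsoft Corp.\x00" + b"\x55\x89\xe5\xc3")
SUSPECT = REFERENCE.replace(b"Microsoft", b"Lianasoft")

if __name__ == "__main__":
    for offset, old, new in same_length_patches(REFERENCE, SUSPECT):
        print(hex(offset), old, "->", new)
```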

Note: For those who think that in Bangladesh you do not have to care about copyright, like the Ekush people seem to do, look at http://news.bbc.co.uk/1/hi/world/south_asia/826331.stm!

The owner of the Ekush domains is named "Shamsuddoha Ranju" and works for Siemens (one would assume they know about copyright law), so Filip Navara emailed him about the copyright violation and asked him to remove the binaries.
In the afternoon of 2004-11-10 the Ekush website went down again, and Shamsuddoha Ranju has not yet replied to Filip Navara's email. We think the website provider has taken down the site.

Since their only intention seems to be to sell ReactOS, WINE, Qemu and Freetype as their own work and violate international copyright laws, I decided to take a look at their ntoskrnl.exe (as of 2004-11-10) and dig up further evidence that this is our code.
What I found was our task-switching code, which was clearly copied and pasted from the ReactOS source code.

I feel a bit like SCO, but I am not a Smoking Crack Organization and, contrary to SCO's claims, the following is fact, not a claim.

This is evidence that Ekush OS is nothing but ReactOS and a copyright violation.

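Side-by-side comparison: each fragment of ReactOS source code below is followed by the corresponding disassembly (the lines prefixed with addresses) of Ekush OS ntoskrnl.exe (MD5SUM: 4a695772c19a13d15c2a004a695e16b9, date: 10.11.2004).
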
.globl _Ki386ContextSwitch
_Ki386ContextSwitch:
/* 
 * FUNCTIONS: Switches to another thread's context
 * ARGUMENTS:
 *        Thread = Thread to switch to
 *        OldThread = Thread to switch from
 */
        pushl        %ebp
        movl        %esp, %ebp
c0003020:         55                           push   %ebp
c0003021:         89 e5                        mov    %esp,%ebp
        /*
         * Save callee save registers.
         */
        pushl        %ebx
        pushl        %esi
        pushl        %edi
c0003023:         53                           push   %ebx
c0003024:         56                           push   %esi
c0003025:         57                           push   %edi
        /*
         * This is a critical section for this processor.
         */
        cli
c0003026:         fa                           cli
        /*
         * Get the pointer to the new thread.
         */
        movl        8(%ebp), %ebx
c0003027:         8b 5d 08                     mov    0x8(%ebp),%ebx
        /*
         * Set the base of the TEB selector to the base of the TEB for
         * this thread.
         */
        pushl        %ebx
        pushl        KTHREAD_TEB(%ebx)
        pushl        $TEB_SELECTOR
        call        _KeSetBaseGdtSelector
        addl        $8, %esp
        popl        %ebx
c000302a:         53                           push   %ebx
c000302b:         ff 73 20                     pushl  0x20(%ebx)
c000302e:         6a 3b                        push   $0x3b
c0003030:         e8 eb 10 00 00               call   0xc0004120
c0003035:         83 c4 08                     add    $0x8,%esp
c0003038:         5b                           pop    %ebx
        /*
         * Load the PCR selector.
         */
        movl        $PCR_SELECTOR, %eax
        movl        %eax, %fs
c0003039:         b8 30 00 00 00               mov    $0x30,%eax
c000303e:         8e e0                        mov    %eax,%fs
        /*
         * Set the current thread information in the PCR.
         */
        movl        %ebx, %fs:KPCR_CURRENT_THREAD
c0003040:         64 89 1d 24 01 00 00         mov    %ebx,%fs:0x124
        /*
         * Set the current LDT
         */
        xorl        %eax, %eax
        movl        KTHREAD_APCSTATE_PROCESS(%ebx), %edi
        testw        $0xFFFF, KPROCESS_LDT_DESCRIPTOR0(%edi)
        jz        .L4

        pushl        KPROCESS_LDT_DESCRIPTOR1(%edi)
        pushl        KPROCESS_LDT_DESCRIPTOR0(%edi)
        pushl        $LDT_SELECTOR
        call        _KeSetGdtSelector
        addl        $12, %esp

        movl        $LDT_SELECTOR, %eax

.L4:
        lldtw        %ax
c0003047:         31 c0                        xor    %eax,%eax
c0003049:         8b 7b 44                     mov    0x44(%ebx),%edi
c000304c:         66 f7 47 20 ff ff            testw  $0xffff,0x20(%edi)
c0003052:         74 15                        je     0xc0003069
c0003054:         ff 77 24                     pushl  0x24(%edi)
c0003057:         ff 77 20                     pushl  0x20(%edi)
c000305a:         6a 48                        push   $0x48
c000305c:         e8 1f 11 00 00               call   0xc0004180
c0003061:         83 c4 0c                     add    $0xc,%esp
c0003064:         b8 48 00 00 00               mov    $0x48,%eax
c0003069:         0f 00 d0                     lldt   %ax
        /*
         * Load up the iomap offset for this thread in
         * preparation for setting it below.
         */
        movl        KPROCESS_IOPM_OFFSET(%edi), %eax

        /*
         * FIXME: Save debugging state.
         */

        /*
         * FIXME: Save floating point state.
         */
c000306c:         8b 47 30                     mov    0x30(%edi),%eax
        /*
         * Switch stacks
         */
        movl        12(%ebp), %ebx
        movl        %esp, KTHREAD_KERNEL_STACK(%ebx)
        movl        8(%ebp), %ebx
        movl        KTHREAD_KERNEL_STACK(%ebx), %esp
        movl        KTHREAD_STACK_LIMIT(%ebx), %edi
c000306f:         8b 5d 0c                     mov    0xc(%ebp),%ebx
c0003072:         89 63 28                     mov    %esp,0x28(%ebx)
c0003075:         8b 5d 08                     mov    0x8(%ebp),%ebx
c0003078:         8b 63 28                     mov    0x28(%ebx),%esp
c000307b:         8b 7b 1c                     mov    0x1c(%ebx),%edi
        /*
         * Set the stack pointer in this processors TSS
         */
        movl        %fs:KPCR_TSS, %esi
c000307e:         64 8b 35 3c 00 00 00         mov    %fs:0x3c,%esi
        /*
         * Set current IOPM offset in the TSS
         */
        movw        %ax, KTSS_IOMAPBASE(%esi)

        movl        KTHREAD_INITIAL_STACK(%ebx), %eax
        movl        %eax, KTSS_ESP0(%esi)
c0003085:         66 89 46 66                  mov    %ax,0x66(%esi)
c0003089:         8b 43 18                     mov    0x18(%ebx),%eax
c000308c:         89 46 04                     mov    %eax,0x4(%esi)
        /*
         * Change the address space
         */
        movl        KTHREAD_APCSTATE_PROCESS(%ebx), %ebx
        movl        KPROCESS_DIRECTORY_TABLE_BASE(%ebx), %eax
        movl        %eax, %cr3

        /*
         * FIXME: Restore floating point state
         */

        /*
         * FIXME: Restore debugging state
         */
c000308f:         8b 5b 44                     mov    0x44(%ebx),%ebx
c0003092:         8b 43 18                     mov    0x18(%ebx),%eax
c0003095:         0f 22 d8                     mov    %eax,%cr3
        /*
         * Exit the critical section
         */
        sti

        push      $_PiThreadLock
        call      _KeReleaseSpinLockFromDpcLevel@4

        cmpl      $0, _PiNrThreadsAwaitingReaping
        je        .L3
        call      _PiWakeupReaperThread@0
.L3:
c0003098:         fb                           sti    
c0003099:         68 00 95 0a c0               push   $0xc00a9500
c000309e:         e8 dd 8f 00 00               call   0xc000c080
c00030a3:         83 3d 5c 90 0a c0 00         cmpl   $0x0,0xc00a905c
c00030aa:         74 05                        je     0xc00030b1
c00030ac:         e8 1f 46 05 00               call   0xc00576d0
        /*
         * Restore the saved register and exit
         */
        popl        %edi
        popl        %esi
        popl        %ebx

        popl        %ebp
        ret
c00030b1:         5f                           pop    %edi
c00030b2:         5e                           pop    %esi
c00030b3:         5b                           pop    %ebx
c00030b4:         5d                           pop    %ebp
c00030b5:         c3                           ret    


The end!