Rebex

Skip to content, Skip to navigation



ComponentSoft.NET's components are based on stolen code: The evidence

Updates

2010-07-01 ComponentSoft.NET website is down for a day.
2010-06-19 ComponentSoft created bunch of link-bait blogs on posterous. Content is copied from their primary website and from Rebex tutorials.
2010-03-? CodeUltimate brand was abandoned and the website now redirects to ComponentSoft.NET

Table of content

Summary

Most ComponentSoft.NET components are based on code stolen from other vendors.

They differ in some namespace, class and method names (to masquarade the similarity), but are otherwise identical internally. The following table summarizes the details:

Component list

ComponentSoft.NET's name Original Vendor Contains code from
Ultimate Ftp Expert Rebex Rebex File Transfer Pack
Ultimate Studio Rebex + others Parts of Rebex Total Pack + components from other vendors
Ultimate NetKit Rebex + others Parts of Rebex Total Pack + components from other vendors
Ultimate Ftp Rebex Rebex FTP
Ultimate SFTP Rebex Rebex SFTP
Ultimate SSH Shell and Telnet Rebex Rebex Telnet and Rebex SSH Shell
Ultimate Mail Rebex Rebex Secure Mail
Ultimate Mail Template Engine Rebex Parts of Rebex Secure Mail
Ultimate Bounce Inspector Rebex Parts of Rebex Mail
Ultimate Email Validator Rebex Parts of Rebex Mail
UltimateMailMerge Suite Rebex Parts of Rebex Mail
Other Rebex is not the only vendor whose code was misused by the scammers. Some of the components released by this scammer in the past infringe on intellectial property owned by ComponentAce and ComponentSpace. You are advised to contact these companies if in doubt.

Hidden real company name and address

It looks like the con-artists behind Safabyte, ComponentForge decided that putting a new API on top of code stolen from Rebex (did than last time with XtraComponents) was not such a great idea after all. Instead, they decided to start over again with a new brand. In February, they launched a new website at CodeUltimate.com, but less than two months later, they finally settled on calling themselves ComponentSoft.net. They even got a brand-new website design this time. But the very stealthiness and secrecy they engage in is what revealed them again.

Let's look closer:
  • They never reveal their real company name and address. When pressed through their transaction provider, they implicitly confirmed that they are not a US-registered company, yet fail to mention this on their website. Instead, they still present themselves as "ComponentSoft, a division of ATP, Inc., located in Walnut, California" while in fact they appear to be a division of "ATP Technology, JSC located in Ha Noi, Vietnam". ATP, Inc. also exists (and is linked to a Vietnamese-sounding name), but it's unclear whether they have anything to do with ComponentSoft who don't even link to them.
  • Their website states they are a Microsoft Certified Partner. Microsoft does not know such company in either California or Kentucky. This alone is suspicious. Microsoft sais that they have no record of them. When you ask ComponentSoft, they provide a link to their MSDN profile and say they were certified under ATP Tech. After checking with Microsoft again, you'll find that ATP Tech in Vietnam is listed as a Hardware Partner only.
  • Their domain name was aquired on 2010-03-29 and registered anonymously. See ComponentSoft.NET WHOIS history records (items in red are anonymous registrations). After publishing our blogpost about he ComponentSoft.NET scam at 2010-06-08, they changed the registration to the a non-existent entity (ComponentSoft) (see WHOIS record from 2010-06-25). This alone makes them suspicious. Why would a reputable company do this?

Public API similarities

API of many of their components look just like Rebex API with renamed classes. Some parts were added, changed or removed, but the core functionality is the same. There are even some identical bugs!

To check out the details, download the current trial build from ComponentSoft.NET website and let us know. We'll send you the evidence.

Component internals similarities

Still not convinced? Then just use .NET Reflector to compare the assemblies. The code in the first picture was written by Rebex. It is a part of SshSession.SendPacket method. An identical code was found in ComponentSoft's UltimateSftp.dll assembly (the second picture):
original code stolen code
The tricksters at ComponentSoft will undoubtedly modify the stolen version of SshSession.SendPacket as soon as they become aware of this page, but it doesn't really matter. Most of the code in a majority of their components come from Rebex, so we can simply find another example in that case. Just let us know if you need additional information to do your own analysis.

False testimonials and forum posts

The testimonials at their website never mention anyone who could be easily contacted to verify them. In fact, many of these testimonials look copy&pasted from other companies' websites. Just try to google some of the names and testimonial texts. Just leave out the ComponentSoft name and you'll be surprised. Or even better - try to contact the happy users. ComponentSoft.NET should be happy to assist you if these testimonials were valid.

  • Many of their forum posts are from 2009 and still mention ComponentSoft. This is strange, because the domain name was only registered in March and previously belonged to a different entity. In fact, these forum posts were simply recycled from forums of their previous incarnations - unsurprisingly, they treat their customers' support request and nicknames just like other people's source code.

Company history

The code is the same and the components are similar. Who is the original, genuine vendor and who is a scammer?

Compare the company history and reputation:

ComponentSoft Rebex
  • The testimonials at their website never mention anyone who could be contacted to verify them.
  • No online mentions about ComponentSoft.NET before 2010.
  • No real company behind website. The company they claim to be a part of is located in Vietnam, yet they pretend to be a US-based endity at their Contact Us page.
  • They claim that they are Microsoft Partner but Microsoft doesn't know about it.
  • Founded in 1995.
  • The Internet Archive (web.archive.org) houses archived versions of rebex.cz from 1997-today (software consulting division)
  • The Internet Archive (web.archive.org) houses archived versions of rebex.net from 2002-today (.NET components). Both websites are still active today.
  • Rebex have always been located in Prague, Czech Republic and is not hiding this.
  • Testimonials are bound to verifiable sources.
  • Oldest known external reference: A vetaran user at forums.asp.net (with more that 45000 post points) recommended Rebex FTP component in July 2003. [link] [screenshot].
  • Rebex has been selling components via ComponentSource since 2004.

 

Read more: FAQ |  Evidence |  Get a genuine version |  Contact