Miranda IM vs. QuickRiver's "ZeeZ Universal IM System"

This document describes the analysis of ZeeZ IM performed by the Miranda IM developer team to investigate if ZeeZ IM is in violation of the GNU GPL license. Four weeks after this analysis was performed, we also did a press release.

Introduction

This story begins in mid-june when several forums started talking about a new Instant Messaging client, called ZeeZ IM, that looked suspiciously similar to Miranda IM. ZeeZ IM was available for download from the Australian company QuickRiver. The Miranda IM developer team examined ZeeZ IM and could very easily establish that it was almost entirely based on the Miranda IM v0.2 source code and that it also contained code from several third party plugins.This would normally not have been a big deal, Miranda IM is open source and published under the GPL license, but in this case we also discovered that QuickRiver was violating the GPL license.

Our analysis showed:

ZeeZ IM uses very large portions the the Miranda IM source code
The ZeeZ IM distribution did not contain any source code, or any information on how to obtain the source code
All copyright notices in Miranda IM had been removed, along with all references to the GPL license and the names of the true copyright holders
No copy of the GPL license was included in the distribution

When third party plugins was included in the count, it turned out that the ZeeZ IM was violating the GPL licenses of at least ten (10!) separate applications!

Or in other words: QuickRiver ripped our source code, replaced the logotypes and our names with their own, made a few changes and then sold it as their own.

Why are we upset?
Miranda IM is the result of several years of development. A large number of developers, translators, artists and users have devoted their spare time to develop a free and open sourced IM client. The result is given away for free, the only thing we ask for is that the users follow the terms in the GPL license. These terms are very reasonable, and not very hard to understand.

The massive violations in QuickRiver's product is evidence of a fundamental disrespect for our work and the open source community in general. This type of abuse must be stopped, preferrably in a harsh and brutal way!

Background

Miranda IM is a multi protocol instant messenger client for Windows. Miranda IM's popularity has been increasing at an impressive rate since the project started in the beginning of year 2000. Key features of Miranda IM are the very low memory and CPU requirements. It also has a powerful plugin system which makes it very flexible. The fact the Miranda IM is GPL licensed has attracted a large group of open source developers who have written more than 170 plugins. All of them are available free of charge from the official Miranda IM website, most of them are open sourced. The Miranda IM project has been hosted on SourceForge since the beginning.

ZeeZ IM is distributed by QuickRiver "Australia's Premier IT Company". A quote from their company profile says:

The QuickRiver Team has dedicated the people, time and resources to
ensure that QuickRiver stays not only on top of the relevant
technologies and products, but also the best practices and leading
trends.

Apparently, they think that "best practices" involves stealing the work of open source developers!

ZeeZ IM was listed in the "Application development portfolio" on the website of the Russian/Australian company QuickRiver (this has now been removed). The portfolio contained the following statement:

Spain, Net Think Media S.L.
www.zeez.com ZeeZ Universal Instant Messaging System
Download your free ZeeZ Universal Instant Messaging System here

The location and phrasing of this text gives the impression that ZeeZ has been developed by QuickRiver for Net Think Media S.L. They do not mention that the application simply is a modified copy of Miranda IM. We did a thorough search of the QuickRiver site without finding any references to the GPL license or Miranda IM, there are also no source code available for download or any information on how to obtain the source code.

The www.zeez.com website was not active to begin with. It only contained a static advertisment of the application. This changed on July 10th, when they started distributing new copies of ZeeZ. The only thing that was different from the first version on QuickRiver was that the help file now included a copy of the GPL license. This would have been a step in the right direction if it wasnt for the completely conflicting end user license agreement on the website.

The content of the ZeeZ website

Click to enlarge

List of GPL license violations found in ZeeZ IM

This is a summary of the license violations we have found in ZeeZ IM.

Miranda IM, Copyright: Richard Hughes, Martin Öberg, Sam Kothabi, Robert Rainwater, and more..
AIM Protocol Plugin, Copyright: Robert Rainwater
MSN Protocol Plugin, Copyright: George Hazan, Richard Hughes and Rako Shizuka
ICQ Change Info Plugin, Copyright: Richard Hughes and Martin Öberg
IRC Protocol Plugin, Copyright: Jörgen Persson
Send SMS Plugin, Copyright: Richard Hughes
PopUp Plugin, Copyright: Luca Santarelli
NewStatusNotify Plugin, Copyright: Luca Santarelli
NewEventNotify Plugin, Copyright: icebreaker
SmilieAdd Plugin, Copyright: Rein-Peter de Boer

The original download location provides the applications 2-10 as external plugins (in Windows .dlls). In ZeeZ IM, the plugins 3,4,6-10 are linked with the main binary as internal modules. This requires several changes to the source code and proves that the developers of ZeeZ IM have modified the sources.

List of suspected license violations found in ZeeZ IM

The following is a list of suspected license violation. They are only suspected because the type of license has not been confirmed.

Miranda YAHOO Messenger Plugin, Copyright: 2002 Rako Shizuka

Rako's Yahoo plugin is different from the other plugins in that it is closed source. It is also the only plugin included in ZeeZ IM that has not been modified.

Examination of the Zeez distribution

This section describes our examination of the distribution found on QuickRiver.

Zeez is distributed in a zip archive named zeez.zip. The archive contains the following files:

zeez.exe		1 441 792 bytes
help/ZEEZ.CHM		17 472 bytes
Plugins/aim.dll 	89 600 bytes
Plugins/irc.dll 	248 832 bytes
Plugins/irc_servers.ini 35 729 bytes
Plugins/yahoo.dll 	94 208 bytes

ZEEZ.CHM is a very short user guide. It has a copyright section with the following statement:

Warning: This computer program is protected by copyright law 
and international treaties. Unauthorized reproduction or distribution of this 
program, or any portion of it, may result in severe civil and criminal 
penalties, and will be prosecuted to the maximum extent possible under the law.

ZeeZ copyright notice. Isn't this just cute? They don't want someone to steal their stolen work...

Conclusion: The ZeeZ distribution does not mention the GPL license or the original copyright information.

Examination of the ZeeZ frontend

The ripoff is obvious to anyone who has ever used Miranda IM. We have gathered a collection of screenshots that compare ZeeZ with Miranda IM for those who have not tested the programs for themselves.



The profile manager is the dialog you are greeted with when you start Miranda IM for the first time. Geez, didn't they think we would notice the similarities?

The ZeeZ License agreement. Does it get more obvious than this? I wonder if they can spell "License violation".

This is what really pissed us off. The have chopped of all the original credits, effectively claiming credits for the entire application.

Apparently they liked our UI design so much that they decided to steal the file transfer dialog too... Can you tell them apart?

Some contact list action (The names have been blurred to protect the innocent). ZeeZ have some fancy skinning applied to its borders but its still the same basic window.

Closeups on the status selection menues. We would say that they are pretty much the same, don't you agree?

Some more menu shots. These user context menues are so similar that we actually mixed up the screenshots in the first try.

These screenshots show that ZeeZ has disabled the display of copyright information from the third party plugins. Lets just say that we have one or two things to say to the programmer who did this modification...

This is the output of the preview function in the PopUp plugin. Notice the label "Hrk" in both versions. That is the nickname of the original author and is hardcoded in the preview code. This proves that the ZeeZ programmers uses the source code from the PopUp plugin.

This could go on forever, but we think we have proved our point by now. By comparing features, dialog resources and strings in the binaries, we have managed to identify at least ten (10) plugins that are distributed with ZeeZ IM in violation of the GPL.

Conclusion: The GUI comparison proves that ZeeZ IM is based on Miranda IM and several plugins, and that the ZeeZ programmers have put a lot of effort into hiding all references to GPL and the true copyright holders.

Examination of the ZeeZ inner workings

The user interface comparison proves beyond a doubt that ZeeZ is a Miranda IM ripoff. We were however not satisfied with this and decided to examine the inner workings of ZeeZ to also prove that they use our code and not just the dialogs.

Proof 1 - The hidden GUID

Miranda IM ships with a GUID to locate a log window that displays network traffic. This window is given the GUID to find out if the log window exists or not, in netliblog.c. You may find this GUID as "676d4af7-970d-4808-b7f6-cb182ff60297". Hooking the FindWindow() Windows API call, which netliblog.c uses, you will see that ZeeZ uses the same GUID! Thus proving that it is the same source.

0047D033:FindWindowA(LPSTR:00000000,LPSTR:004D27AC:"676d4af7-970d-4808-b7f6-cb182ff60297")
0047D039:FindWindowA = 12033A (zeez.exe)

Conclusion: The existence of identical GUIDs prove that ZeeZ uses portions of GPL licensed source code from Miranda IM.

Proof 2 - The database format

To prove that ZeeZ uses the same database code as Miranda IM we compared the database structures that is produced by ZeeZ with the database produced by Miranda IM. The following section describes our findings.

The first test was to see if we could run Miranda IM with a ZeeZ IM database and vice versa:

Run ZeeZ to produce a profile database, make sure there are enough settings created and then exit.
Open up the created profile in a hex editor. You will see the following content:
```
00000000 5A 65 65 5A 20 49 43 51 20 44 42 00 00 00 00 1A ZeeZ ICQ DB.....
```
Note the signature "ZeeZ ICQ DB" this signature is like "Miranda ICQ DB" which is mantained in Miranda IM because of the evolution of the source, also note the last two bytes, '00', '1A'
Now create a profile in Miranda IM with the same methods, close the profile and do a hexdump:
```
00000000 4D 69 72 61 6E 64 61 20 49 43 51 20 44 42 00 1A Miranda ICQ DB..
```
Note the different signature but the same ending marker of '00','1A'. This difference in signatures prevents Miranda IM from loading a ZeeZ database, and vice versa. However, when we changed the signature of a working Miranda IM database to the ZeeZ header it resulted in a database that was successfully read by ZeeZ.

This shows that the database engine in ZeeZ is so similar to Miranda IM that it can read our database. Lucky coincidence? Hardly... The two formats are identical. The following section gives even more detailed proofs of the identical database format.

A Miranda DB header (in C source) looks like this:

struct DBHeader {
  BYTE signature[16]; 
  DWORD version;
  DWORD ofsFileEnd;
  DWORD slackSpace;    
  DWORD contactCount;     
  DWORD ofsFirstContact; 
  DWORD ofsUser;         
  DWORD ofsFirstModuleName;
};

The two files being used in the following comparison will be referred to as "ZeeZ" and "M". ZeeZ is 2048 bytes bytes in size, M is in 709 bytes in size, the difference is because of different settings stored.

BYTE signature [16]

ZeeZ : (16byte) 5A 65 65 5A 20 49 43 51 20 44 42 00 00 00 00 1A ZeeZ ICQ DB.....
M    : (16byte) 4D 69 72 61 6E 64 61 20 49 43 51 20 44 42 00 1A Miranda ICQ DB..

DWORD version
```
ZeeZ : 00 07 00 00
M    : 00 07 00 00
```

DWORD ofsFileEnd

ZeeZ : 00 08 00 00  (08 00 == 0x800 == 2048 bytes!)
M    : C5 02 00 00  (02 C5 == 0x2C5 == 709 bytes!)

DWORD slackSpace

ZeeZ : 90 00 00 00
M    : 00 00 00 00    (0 bytes wasted)

DWORD contactCount

ZeeZ : 00 00 00 00  (0 contacts)
M    : 00 00 00 00  (0 contacts)

DWORD ofsFirstContact

ZeeZ : 00 00 00 00 (no first contact chain)
M    : 00 00 00 00 (no first contact chain)

DWORD ofsUser

ZeeZ : 2C 00 00 00 (0x2C == 44 bytes)
M    : 2C 00 00 00 (0x2C == 44 bytes)

DWORD DWORD ofsFirstModuleName

ZeeZ : C1 05 00 00 (0x5C1 == 1473 bytes)
M     : B9 02 00 00 (0x2B9 == 697 bytes)

We have now shown that the DBHeader structure is like for like, besides some weak attempts at making it look like it is another format. We were given the ofsUser offset at 44 bytes, let's look at where this offset takes us. Each Miranda IM contact (and the user) is stored in a DBContact (in C source) this is what it looks like:

struct DBContact {
  DWORD signature;
  DWORD ofsNext;
  DWORD ofsFirstSettings;
  DWORD eventCount;    
  DWORD ofsFirstEvent,ofsLastEvent;    
  DWORD ofsFirstUnreadEvent;
  DWORD timestampFirstUnread; 
};

The entire structure is 32 bytes, going to offset 44 (0x2C) yields:

ZeeZ:

00000020 00 00 00 00 2C 00 00 00 C1 05 00 00 DE CA DE 43 ....,...Á...ÞÊÞC
00000030 00 00 00 00 60 06 00 00 00 00 00 00 00 00 00 00 ....`...........
00000040 00 00 00 00 40 FD 4D 00 2C 00 00 00 DE CA DE 4D ....@ýM.,...ÞÊÞM

00000020 00 00 00 00 2C 00 00 00 B9 02 00 00 DE CA DE 43 ....,...¹...ÞÊÞC
00000030 00 00 00 00 E9 01 00 00 00 00 00 00 00 00 00 00 ....é...........
00000040 00 00 00 00 84 00 00 00 20 FB 45 00 DE CA DE 4D ....„... ûE.ÞÊÞM

DWORD signature
```
ZeeZ : DE CA DE 43
M    : DE CA DE 43
```
DWORD ofsNext
```
ZeeZ : 00 00 00 00
M    : 00 00 00 00
```
This value is the offset to the next contact, however the user contact chain has only one contact, the user, thus showing the same format here again too.

DWORD ofsFirstSetting

ZeeZ : 60 06 00 00 (1632 bytes!)
M    : E9 01 00 00 (489 bytes!)

DWORD eventCount

ZeeZ : 00 00 00 00 (0 events)
M    : 00 00 00 00 (0 events)

DWORD ofsFirstEvent

ZeeZ : 00 00 00 00 (0 offset to first event)
M    : 00 00 00 00 (0 offset to first event)

DWORD ofsLastEvent
```
ZeeZ : 00 00 00 00
M    : 00 00 00 00
```

DWORD ofsFirstUnreadEvent

ZeeZ : 40 FD 4D 00    
M    : 84 00 00 00

DWORD timestampFirstUnread

ZeeZ : 2C 00 00 00 
M    : 20 FB 45 00

Conclusion: The nearly identical database structure proves beyond any reasonable doubt that ZeeZ uses the Miranda IM database source code.

Proof 3 - The tricky FILE macro...

We like to use the __FILE__ macro in our project, it makes it a lot easier to see where a particular debug output comes from in the network log. Guess what we found in the ZeeZ network log?

[22:55:16 ICQ] C:\work\IM\IM\protocols\netlib\zeez_netlibopenconn.c 15: gethostbyname() failed (11001)

Yup, thats right. The programmers of ZeeZ probably didnt notice it so the macros are still there. This gives us an opportunity to compare file structure. Have a look at the Miranda source file /Miranda-IM/protocols/netlib/netlibopenconn.c. Notice the similarity of the paths and then look at the line:

Netlib_Logf(nlu,"%s %d: %s() failed (%u)",__FILE__,__LINE__,"gethostbyname",WSAGetLastError());

It's a match! We can also note that they have added "zeez_" to all filenames but retained the original directory structure.

We have found loads of other proofs, but we dont want to bore you to death so here comes the conclusion everyone is waiting for,

Conclusion: The __FILE__ macros tell us that they copied our source code tree with only slightly altered filenames.

Contact

This document is written by the Miranda IM developer team.
If you have any comments on this article, or just want to contact us, e-mail us at "info at miranda-im.org".