Brief Analysis On Reverse Engineering Software 157

An unnamed correspondent writes: "An article on PlanetIT.com discusses a court ruling that establishes the reverse-engineering of hardware and software as legal, under the "fair use" umbrella. What ramifications does this have in the industry? Can I reverse-engineer MS Word and write a word processor that can read and save .DOC files?" The article also asks the eternal burning question "Is the DMCA contradicting itself?" Though the court cases this piece deals with aren't new, the issues they deal with aren't going away, and it turns out that the Bleem and DeCSS cases may have more influence on other reverse engineering cases than anyone anticipated. Will sense chase out absurdity?
This discussion has been archived. No new comments can be posted.

  • As far as I know yes ...
    I'm doing a lot of reverse engineering and that's the reason why I asked a few lawyers about it already ;)
  • A simple way around EULAs - get your 3-year-old child, dog, or whatever to open the packaging or
    click the "I accept" button.

    Unless someone at the point of sale actually gets a signature from you that you have read, fully understand and accept the agreement (or unless you're stupid enough to send in such a signed agreement voluntarily), no one can prove that you were ever aware of the EULA, let alone have read it or (shock, horror) actually agree to it.

    In fact, if the software comes pre-installed, you can even reverse engineer it without anyone ever having to click on the "I accept" button.
    --
  • Some points everyone seems to be missing:

    1. The original case was filed sometime in 1999
    2. DMCA became law in ... when???

    So the alleged infringements may have been committed before DMCA became law. If that's true (and assuming that the crazy US legal system doesn't allow retrospective laws to be enacted), this case will have little use as precedent for cases being prosecuted under DMCA.

    --
  • There are no format incompatibilities between Word 2000 and previous versions - If I save a file in Word2000 and give it to a Word97 user, they can read it just fine. The compatibility matrix is on their site.

    If you look at the compatibility matrix, you'll find that it's mainly 2000 and 97 that they claim interoperate. But even if they actually interoperate, given Microsoft's history, most buyers I have talked to don't seem to assume that they have to upgrade to 2000 anyway in order to be able to read other people's files.

    But row level locking in a $99 dbms is hard to beat.

    Sure, it's easy to beat: with a free database. There are several of them, and they work and scale a lot better than Access.

  • If I'm not mistaken, copyright lasts the duration of the creator's lifetime. Which isn't arbitrary

    Well, we can try, now can't we?



    New worlds are not born in the vacuum of abstract
  • Anyway, it seems the 9th Circuit gets overturned all the time, so I wouldn't get too hopeful about this being a positive sign.

    The case seemed like a fairly ideal one for SCOTUS to take, and they refused to hear it-- that seems like a very good sign, actually. It's certainly possible that they didn't feel like hearing any more cases in that term or somesuch, but they had to be conscious that by refusing to hear it, they significantly strengthened the 9th Circuit's ruling.
  • This was not a court ruling, but actual legislation.
  • The only issue of anonymous information is whether any of that may have come from people who have signed NDAs. Trade secrets are like patents (covering ideas) but with copyright style rules for when they apply (if you rediscover it, someone's trade secret doesn't apply).

    Not quite, since the NDA only applies to the party who agreed to it in the first place. If they pass the information to a third party then that third party has done nothing wrong, since they were never a party to the agreement. Also the only protection a "trade secret" has is that it is a secret, if it becomes widely known then tough.
  • If I'm not mistaken, copyright lasts the duration of the creator's lifetime. Which isn't arbitrary.

    How is this any less "arbitrary" than any other metric?
  • by eigenkarma ( 312062 ) on Sunday February 04, 2001 @03:26PM (#457413)
    No. Adobe is an ethical company. Ever since the first version of Postscript (now is 3rd) all the documentation is public. You can download pdf files of Postscript Language Ref Manual and PDF Ref Manual and other good documentation for free (those books cost several dozen bucks if you buy the hardcopy version from Addison-Wesley, and they are exactly the print version of the pdfs). People have been generating postscript and pdf on-the-fly. You can output straight ps/pdf code (more involved but very flexible and powerful, especially .ps because it's not just a format but a full-blown lisp-like programming language). There are higher level free libraries such as pdflib which has C/C++/Java/Perl/Python bindings. I have many half-a-page perl scripts that generate high quality graphical reports on the fly (I worked in a genomics laboratory with robotics producing tons of data daily). The nice thing about PDF is that everybody can view them and always print true. It's also convenient to create hyperlinked PDF documents using pdflib.
  • You may want to look at Gnumeric [gnumeric.org], it seems to provide all the features: read/write MS Excel (and many more), extensibility, scripting, ...

    -Marcel

  • (see my out-of-print book Undocumented Windows File Formats)

    Amazon have it listed here [amazon.com]. They reckon they can ship in 2-3 days.

    Amazon's UK outfit can get it in 4-6 weeks [amazon.co.uk]

    Funnily enough, Amazon in Germany [amazon.de] can get it in 3-5 weeks.

    Read what you want into that. I blame Frankfurt airport.
  • by Anonymous Coward on Sunday February 04, 2001 @11:36AM (#457416)
    (Sorry for the repost formatting better)

    Does this mean we can legally see BeOS work on Macs and Be has no real reason to bitch anymore about lawsuits from Apple?

    What does this mean for open source stuff as well? Is it now legal to take the TNT drivers from windows and reverse engineer those and publish your results to make optimized drivers for other OSes (same goes with any driver that isn't already supported). I know this happens a lot already through things like bus sniffers, but now that we can just disassemble things for research, that could make a lot of things much much easier. Especially since those complex while loops that check certain hardware statuses will now become much easier to decode by looking at the source code instead of accesses.

    What will this mean for internet game servers as well? Will things like the UO clients and server ports become entirely legal now so there is no grey area or possible lawsuits?

    What about something like disassembling the various parts of QNX and rewriting it to make a free alternative to QNX that's improved and optimized for specific platforms. You could greatly improve things like disk access in it by removing the microkernel-ish features and all the message passing it does.
  • Perhaps this goes a bit left, and perhaps I am preaching to the choir. Technological secrets have only helped the power elite, the guys with the money. As a graduate student in an engineering discipline, I cannot tell you how many times I needed secret information to write a paper or complete a project. This problem slows a lot of research, as scientists re-invent the wheel.

    This is why the patent system was begun; it was an incentive to share ideas.

    Maybe one day we will reverse engineer Coca-Cola.
  • The distinction is that Connectix is a big company with lots of money, and Reimerdes is just a mere individual.

    What, you didn't know that 'more money' == 'more rights'....

    Sheesh...
  • by joneshenry ( 9497 ) on Sunday February 04, 2001 @11:44AM (#457419)
    I urge everyone who thinks that DeCSS was reverse engineering to actually read materials such as the transcript of Johansen's testimony [eff.org]. There is simply no evidence that DeCSS was the product of legitimate reverse engineering. Not just once but twice anonymous information was contributed to crack the problem in a form that does not resemble what one would get from treating the system as a black box. Johansen testified: "Yes, I believe the CSS authentication had been posted anonymously in Assembler language on the Internet, and Derek Fawcus had picked that up and rewritten it in C language and posted it on his website." Note the word "Assembler". Johansen also testified that he was given further information from a complete stranger on IRC. On the Livid-dev mailing list on Saturday, October 02, 1999 Eric Smith had posted: "The specific issue WRT the CSS code is that the x86 code was apparently simply ripped out of a working commercial implementation (which was presumably copyrighted)" to which Derek Fawcus had replied "Well I guess it might have been, but I don't _know_ that." (Fawcus went on to explain how he had "worked to understand the algorithm underlying the x86 code.") Why the developers didn't run away as fast as they could once there were questions is something I cannot understand. Didn't anyone learn from previous examples such as Compaq's reverse engineering of the IBM PC BIOS? Compaq set up their reverse engineering effort so that at every stage they could prove the source of information using engineers whom they could assert did not have prior exposure to IBM IP.
  • DVD players are a proprietary platform (because of the "decryption" code they contain). DVD's are built (encoded) to be played on that platform. DeCSS was written to allow people who had purchased a license to a DVD movie to play it on some platform other than a commercial DVD player. Am I missing something here?

    I don't think so. These two cases look exactly equivalent to me.

    The supremely ironic thing is that bleem! actually makes money for Sony. The actual Playstation consoles are - and always have been - sold at a loss. Sony makes its money from titles. If you purchase bleem! and a bunch of titles, you give Sony its profits from the titles without incurring the loss to them of having to buy a console :)

    I'm sure there's a flaw in this reasoning somewhere...

  • If they use the same annoying business model as mobile phones for 1$ and you have to sign a contract with the company, flat-rate offers (in europe), to name it, low entry level fees, it is their problem.
    Company can't rely on customers using their contracts the way they intend it, unless they put it in the contract.
  • No the 2000 file format is backwards compatible with a 97 format reader. I just explicitly said that it can read 2000 or otherwise the assumption would have been that wv cannot read 2000 documents. Also FWIW wvWare is GPLed.

    While there were bits here and there of the spec that were not exactly as things were in reality I would not characterise the little bits of data dumping here and there to clarify the intent of the format as reverse engineering.

    C.

  • God hasn't done much to stop the progress of Science, however, his self-proclaimed agencies certainly have. To this day the Christian Church is a major hindrance to Science
  • While Word and all the office formats and a large set of windows programs use ole2 storage there are a number of libraries and packages which can read that format. libole2 comes to mind, along with of course the implementation in OpenOffice [openoffice.org]

    C.

  • by caolan ( 2716 )
    If you can reproduce it with a more recent version then submit a sample document which causes this to happen to OpenOffice's writer component's bug tracker [openoffice.org].

    C.

  • It doesn't matter what it says if the courts say that such a restriction is illegal. You can add a clause to the front of a book that states "transcends fair use", or even "transcends US Constitution". That doesn't mean it *does*.
  • And I can swear that most of the Mexicans do not wear sombreros anymore

    Any hat is a 'sombrero'.
  • Perhaps He chose not to apply for a patent?
  • But is there a legal distinction? I can't see any. Unless one assumes that individuals are always only wanting to steal, and corporations are mature enough to want to stay within the bounds. Bullshit!
  • Absurdity seems to be winning by a landslide. The patent office seems to be decades behind with no hope of catching up. I don't see one court case sweeping all of this away.
  • 2. DMCA became law in ... when???

    Signed on October 28, 1998. Mostly effective on that date, but the "prohibition on the act of circumvention of access control" not until 2 years after signing. see Copyright Office Home Page. [loc.gov]

    I was also curious just where "fair use" ultimately comes from, and the answer is here [loc.gov]

  • Using a clean room is no guarantee that you are "clean". It's about patterns in the code. If you independently arrive at the same code you are screwed. Independence of discovery is no defense.
  • Edison? Stupid American. Try Alexander Graham Bell instead.
  • Fine, but you are missing the point.
    • From page 5/6 of the article:
    • "But that's the extent to which the two cases should be compared [note: Sony vs. Connectix & the DeCSS case], because each contains some important distinctions, says Keith Kupferschmid, intellectual property counsel at the Software and Information Industry Association, a trade association of about 1,200 software and information companies based in Washington, D.C."

    What kaosmunkee was saying is that there is *no* distinction between Sony vs. [bleem,Connectix] and the DeCSS case.

    Note: kaosmunkee was comparing bleem and DeCSS while the article was comparing the Connectix and DeCSS cases, however his point still stands.

  • The only issue of anonymous information is whether any of that may have come from people who have signed NDAs. Trade secrets are like patents (covering ideas) but with copyright style rules for when they apply (if you rediscover it, someone's trade secret doesn't apply).

    But then the people to sue are those who violate the NDA, yes? If you never signed an NDA and someone gives you the information (who is violating the NDA and hence could be sued) then aren't you clear to scream it from the rooftops?
  • Since they had an open book with the original source code, that's not "reverse engineering," that's "re-engineering."

    What you call "re-engineering" *is* reverse engineering.
  • Actually, the fact that God isn't filing a lawsuit would seem to indicate that he doesn't exist (since there's ALWAYS a lawsuit wherever possible!)

    D

  • No.
    A while back you paid for the hardware and the software came along with it, including upgrades and support.
    Later people started charging for using their software to go with other peoples' hardware.

    --
  • I'm sure there's a flaw in this reasoning somewhere...

    Perhaps Sony figures that Bleem! users are more likely to be using pirated games? It's slightly more of a hassle to chip a PSX to accept burned cd's than it is to use Bleem! to work with .iso images from your local warez site, right?

    But ppl who want to pirate games will always find a way. I don't think Bleem lowers the bar that much. So I'm not sure what Sony's deal is either. I mean I can get a chipped console for less than $100 now--and I can use a real "dual shock" controller and get DDR pads too ;) and not deal with all hassle of emulating a psx on my pc....

  • by T. ( 128661 ) on Sunday February 04, 2001 @11:55AM (#457440)
    The IBM PC was reverse engineered. Barely within the boundary of legality. But legal, nonetheless. If this had not happened, would we now live in the so-called "information age"? Probably not. Reverse engineering and mass-producing the IBM PC clone put real computing power in the hands of almost anyone who really wanted it. Why should we now make illicit the same proletarian and, dare I say, egalitarian mechanism that put us where we are today?
  • Just take a look at Outlook.

    They import lots of other people's mail formats... but try getting your mailbox OUT of exchange and into someone else's format.

  • My understanding on Be was not fear of lawsuits but lack of support from Apple. Be decided that if Apple wouldn't work with them then they would say screw you and only put out Be for x86.
  • > What is being done to repeal the DMCA? Are there
    > technology-savvy lawyers out fighting battles
    > for us, and if not, are any reading this
    > message?

    Yes. The Eric Corley/2600/DeCSS case has the potential to overturn a lot of the most objectionable parts of the DMCA. There were stories about it on Slashdot over the last week.
  • I said out of print. Not unavailable. I'm sure there are tons of copies still around... That would explain why my royalty checks are still in the negative ;-)

    Once burned, twice shy. It's a safe bet there won't be any other books authored by me.

    Pete Davis

  • Nietzsche proclaimed God's death already in 1882, which means both copyright and patents have expired, and everything is public domain now©


    --------------------------------------
  • (The listings were there to make the machine hacker-friendly.) The IBM publications were not "open source" by any means -- using IBM's ROM code would have required a licence.

    Open source means the source is made available, not that one can use it without a licence. Open source != Free. The fact that IBM published the source is what makes it "open".
  • Here's a step by step approach:
    1. Don't use the install program or, if you do, click on "I Disagree." This way you're not agreeing to the EULA.
    2. Use some free utility from the net to unpackage the CAB files (or whatever format the data is stored in).
    3. Reverse-engineer to your heart's content.
    As long as there's no legislation making all reverse-engineering illegal, you haven't broken the software license (because you never agreed to it in the first place) and therefore you're still within your legal rights.

    Now I imagine someday the CAB files and whatnot will be encrypted so this method won't work, and will fall under the same umbrella as the current DeCSS case.
  • by Anonymous Coward
    I'm the "moron" who wanted you to fess up with your moderating habits. But I have to say that I liked your old .sig better.
  • I was under the impression that the Eric Corley / 2600 / DeCSS case wasn't going very well for our heroes.
  • Edison did make many improvements to the telephone, for (IIRC) Western Union. Which owned the Gray patent for the telephone. Unfortunately for Western Union and Gray, the Bell patent application arrived at the Patent Office earlier in the day.

    As part of the judgement in AT&T's Patent Infringement case against WU, AT&T got to use all of Edison's improvements (the carbon microphone being one that lasted until the 1970s.)

  • in danger. I mean if you have to get a pack of lawyers, and walk a legal minefield just to develop a product, people are going to do it somewhere else. With the net as it is today, this really is not a big deal.

    Also has been said here before, but most of these large companies got their start doing the very same things they are now trying to make illegal. Just protecting the cash cow.

  • I will answer your first question by answering the other three:

    Yes, yes, and yes.

  • Bleem was to play it on another platform. DeCSS was to copy, as far as the courts were concerned. If a commercial agency were doing it, it probably would have passed because nobody could copy DVDs from it. But since it's open source, it's less difficult to copy DVDs, and thus is more likely to breach fair use. Anyway, I don't entirely agree with the DMCA, but that's as close as I can come to seeing their rationale.
  • I would say the courts are definitely contradicting themselves. This quote is from page 5:

    "The Reimerdes case dealt with somebody who didn't have a right to the DVD but was cracking through it to get the code, whereas the Connectix case dealt with a situation where a company was legally entitled to be using the code and reverse-engineering it for purposes of interoperability," he explains.

    Can someone explain to me why DeCSS doesn't count as "for the purposes of interoperability"? I thought the whole point was to make DVD work on Linux? And, as far as him not having the right to it.... Does that mean that I don't have the right to [loop start]keep making VCDs on my home system, and run them on my DVD player[loop end] until it works?

  • That assertion by the journalist also took me aback for a second. I have no doubt the software industry would likely try to get legislation through Congress to "correct" a court ruling such as this one, but that's just my suspicion. UCITA, though it would impact cases like the one in the story, certainly has nothing to do with the U.S. Congress. UCITA's going through the legislatures, even if it is going slowly.

    Despite your opinion of the current status of UCITA, I think that it is far from dead. Take a look at this map [ala.org] to see where UCITA lobbying activities are underway. Check out anti-UCITA ucita.com [ucita.com] and pro-UCITA ucitaonline.com [ucitaonline.com]. It's still an issue that has to be followed or it'll take us all by surprise one day, by becoming the law of the land.

    Ed

  • I have never heard of Microsoft ever suing anyone for reverse engineering their data formats.
  • You make a valid point, but he's telling the truth.. look up the book on Amazon... it exists.

    I suppose it's just impossible for us to ever verify that it's not actually about his pet cat, seeing as we'll never be able to buy the book. (except used, libraries, etc)
  • But then the people to sue are those who violate the NDA, yes? If you never signed an NDA and someone gives you the information (who is violating the NDA and hence could be sued) then aren't you clear to scream it from the rooftops?

    No, my impression is that if the source of the information can be traced back to a trade secret, the company can get an injunction against you from using it. From my understanding, if, for example, some project leader in Microsoft were to post the source code to something, and say, "here, this will make it easier to make your stuff interoperate", Microsoft could come by a year later and say, "oh, he was never given permission to do that, he violated his NDA, and all that stuff is trade secrets". I'm sure there's checks to make sure it isn't abused this blatantly, but I think you have hit on one of the biggest problems of trade secrets.
  • wvware (AFAIK) isn't by Microsoft, and the docs for the word format were 1) Incomplete and 2) Pulled from MSDN soon after they were put up
  • Yes but there's a danger here, and that is that if someone can reverse-engineer the PlayStation, that means it's possible to determine how the machine works without shelling out big bucks to Sony. This means that their entire business model, which consists of losing money on the consoles while sticking it to developers in licensing fees just so they can find out what makes the damned thing tick, collapses and they'd be forced to develop a MORE secure, MORE proprietary console in order to keep going, or risk their console turning into an open commodity like the PC. Given the fact that the PlayStation 2 is their first step in their master plan to conquer the world of broadcast and online media, I don't think they're going to let that happen. So, Sony will continue to treat reverse engineering of their hardware as a serious crime, regardless of what the law actually says.
  • A lot of the *nix drivers are done by reverse-engineering. I know of a couple of Linmodem driver projects that started with a copy of the binary of the corresponding Winmodem. Reverse engineering applied in the purpose of getting hardware specs out of the driver is OK with most of the driver companies. The Win/Lin modem manufacturers care mostly about the SP processing algorithms rather than the DSP specs. The problem with reverse engineering for these modems is that together with the hardware specs, there is sufficient information about what SP algorithm they are using that a sufficiently knowledgeable person can reverse engineer everything out of their driver.
  • "The Reimerdes case dealt with somebody who didn't have a right to the DVD but was cracking through it to get the code, whereas the Connectix case dealt with a situation where a company was legally entitled to be using the code and reverse-engineering it for purposes of interoperability."

    Keith Kupferschmid, intellectual property counsel at the Software and Information Industry Association

    I may be missing something here, but I don't see the distinction. PlayStation is a proprietary platform. PlayStation games were built to run on that platform. bleem! was written to allow people who had purchased a license to a PlayStation game to play it on some platform other than PlayStation.

    DVD players are a proprietary platform (because of the "decryption" code they contain). DVD's are built (encoded) to be played on that platform. DeCSS was written to allow people who had purchased a license to a DVD movie to play it on some platform other than a commercial DVD player.

    Am I missing something here?
  • With all the hardware and media being locked up to deny people the ability to exercise rights such as time shifting, fair use, etc, in favour of having to pay for these conveniences, what the world needs is an organisation, perhaps a bit like the EFF, dedicated to legally reverse-engineering media cripples (such as CSS) and publishing easy-to-follow instructions online, such that Joe Average on the street can time-shift HDTV if he desires, or Joe Geek on his computer can play DVDs on linux with an open-source and uncrippled player, or Joe Apple can download a movie trailer that was officially posted online and write it to DVD with his new apple computer.

    I'd donate, and so perhaps donations could provide a cash and fame incentive for hackers to reverse engineer these attempts at bypassing our rights.

    Projects like the cripple-free DivX box projects could also be aided by the foundation.

    Lawyers would probably be needed as well :-(
  • I'd love to write a report generator that creates raw, but well formatted, Excel files without having to depend on OLE/COM and the ever buggy MS Excel.
  • by IntlHarvester ( 11985 ) on Sunday February 04, 2001 @01:07PM (#457483) Journal
    One thing about the Word spec is that it depends on the "OLE Structured Stream format", which is an undocumented spec, but is of course built into Windows and is an extension to MacOS. That's where the embedded stuff like Spreadsheets and even some 'built-in' stuff like line art come in.

    The thing to realize about Microsoft releasing the Word spec is that they very carefully wanted to give 3rd Party vendors enough information to create DOC files that Word could open, *but not* information to open any DOC file that Word created. So what you see is a subset of information that Word is committed to support.

    And as another sidenote on the Word issue, I imagine that Microsoft themselves has a few employees dedicated full time to 'reverse-engineering' the Word format when they plan a new release. Even MS has had interoperability problems (for example, Word 97 before the service pack).
    --
  • You might have something here.

    If There Is A God, and if God Created Everything, then God Has The Patent On Everything, and since Patents Run Out After 17 Years, then The Patents On Everything Ran Out oo-17 Years Ago.

    So invisibility belts, two-way neural communicator implants, and The Transporter, would all be public domain by now.

    If I wasn't an Atheist.

    --Blair
  • by Ian Schmidt ( 6899 ) on Sunday February 04, 2001 @01:16PM (#457485)
    Or (I'll save the Brits the trouble and make this joke for them) God's not American.
  • Check out ghostscript (the Postscript reader). It comes with a utility called ps2pdf which works like Adobe's Distiller and turns postscript into PDF format.

    The sources are downloadable. GNU GhostScript is a GPL'ed version. There's also Aladdin GhostScript which is free for non-commercial use and a commercial version. Take a look here: http://www.cs.wisc.edu/~ghost/ [wisc.edu]

  • Haha. First, I've done quite a lot of COM and OLE programming. Second, you really should look at MS's knowledge base, if you don't believe me. There are tons of bugs that will happen no matter what interface you use or how "good" you program. For instance, I just recently stumbled into a bug where any properties in the PageSetup class could not be read or altered. The cause: No printer installed. Of course, it gave the typical non-obvious generic MS error message and since this app was totally automated and sending the files via email, it never occurred to me to set up the printer. Imagine someone wanting to format a document without printing it?!? Gasp.

    Granted, writing the file directly has its drawbacks too, but there are undeniable benefits. For instance, when MS upgrades their interfaces, they frequently break things that are supposed to remain compatible, whereas MS seems to maintain a modicum of file interoperability. There is also the potential for vast speed increases, stability, straightforwardness for simple documents, portability (such as writing a lightweight graphical reporter in *nix), cost savings, not having to install MS Office, zero supervision, freedom from type libraries, dlls, etc.

    Anyhow, I've read the basic BIFF specs before, but how about support for the more advanced features? Such as pivottables? filtering? charts? autosums? advanced formatting? etc etc. I don't necessarily _need_ all of these, but the more the better. I've been considering writing my own file level interface or object to handle a wide range of reports styles.
  • by Alien54 ( 180860 ) on Sunday February 04, 2001 @06:10PM (#457493) Journal
    This section ties back to the Slashdot Ethics [slashdot.org] discussion a few days back, etc.:
    In general, there are two legitimate arguments for using reverse engineering: to integrate a system smoothly with other systems and to ensure that the system does not do damage to the environments in which it operates, says Frank Prince, senior analyst for infrastructure security and management at Forrester Research, a Cambridge, Mass., technology consulting firm.

    On the flip side, companies often make another argument for using reverse engineering -- an illegitimate argument, Prince believes.

    "They think if they can figure out how it does what it does, they may be able to make a better or cheaper or faster version and make some money without incurring all of the costs of the initial development," he says. "How you feel about any of these arguments depends on which side of them you stand on and what you stand to gain or lose. Once again, we end up in a battle over profiting from effort and taking responsibility for your creations."

    As I mentioned before:

    "The problem is that the common rules for ethics are flawed. There are weaknesses in the common rules for ethics because while they promote various virtues, they also promote weakness in the face of unethical behavior by others.

    This is a problem, and opens a can of worms."

    The chaos of the digital age leaves us grasping at straws. People are not following any specific set of rules beyond momentary personal convenience, which ultimately has led to police states, burned out environments, fished-out oceans, etc etc etc.

    In reverse engineering, the same potential is there, but we are seeing it at another level, in another arena. It is a symptom of a larger situation.

    Bottom line, we need to get our shit together and work this out before it gets truly screwed up in the legal system (I know it already is screwed up, but it is not thoroughly entrenched yet).

  • If they have already made a big pile of PSX boxes and people buy bleem! instead of the Sony hardware, then Sony will lose the total cost of each PSX rather than total cost minus selling price. There are also likely other reasons (such as maintaining control over their platform, etc), but if bleem! makes it harder for them to predict how many PSXes to make or causes them to be left with a bunch of unsellable boxes on their hands, they won't be happy.
  • by kevin805 ( 84623 ) on Sunday February 04, 2001 @12:36PM (#457498) Homepage
    Reverse engineering does not mean black box methods. Black box methods are one technique of reverse engineering. They have the advantage of looking a little better when lawsuits come around, and the disadvantage of being much harder.

    Compaq used clean room techniques because of what it was they were doing. When writing low level code, and it has to be bug compatible with something else, you're going to recreate the exact code that was in the original, because there's only so many ways to do something. Now copyright isn't like patents in what it protects. Patents protect the idea, even if you rediscover it. Copyright only protects a specific implementation. For a patent, it doesn't matter how you came up with the idea. On the other hand, for copyright, it only matters how you got the idea. If I get an idea for a poem, and come up with something that's nearly identical to some obscure Robert Frost piece, the courts would start with the presumption that since it's so similar, it must be a copy, but if I could prove that I had never read the poem, nor anything that referred to the poem, or had any knowledge that the poem existed, then my version would be mine. Probably this would make it even more of a pain for the next person to spontaneously come up with this poem.

    With a patent, on the other hand, if I have a blinding flash in my algebra class and write down some patented algorithm, it's still infringing. It doesn't matter that I never heard of it.

    Coming back to DeCSS, if the algorithm is obtained by disassembling the assembly, and then that algorithm is published in a natural language description, then the same author does an implementation in C, it's probably okay. The C isn't going to directly lift anything from the assembly except some of the tables. Given the principle that data cannot be copyrighted (you can't copyright the fact that your study shows that 53% of tech workers want to kill their boss), you could argue that the tables are also not a creative work.

    The only issue of anonymous information is whether any of that may have come from people who have signed NDAs. Trade secrets are like patents (covering ideas) but with copyright style rules for when they apply (if you rediscover it, someone's trade secret doesn't apply).
  • Not correct..

    I have tried several times a few months ago to write a small report and give it to a user with Office 97 - he couldn't open it.

    Worse - some versions of Office 97 don't read other Office 97 docs! Try to send an English doc that was written with Hebrew/Arabic support to a user with Office 97 - he won't be able to read the doc (it comes out messy).
  • by Wills ( 242929 ) on Sunday February 04, 2001 @12:42PM (#457503)

    Two years ago an Australian court ruled reverse engineering to be lawful (Slashdot story, October 1999) [slashdot.org]. Other jurisdictions outside the US have given similar positive decisions.

  • by Imran Ghory ( 200764 ) on Sunday February 04, 2001 @11:05AM (#457512) Homepage
    I'd just like to point out that Microsoft have released the full-specs for Word .doc files and an open source .doc reader is available, it's called wvware [wvware.com].
  • A program that does REAL decompiling =) But with some experience you can make heads or tails out of the great ASM stuff that IDA Pro creates .. (check out www.datarescue.com for examples) .. I like the EU, where RE for interoperability is allowed =)
  • Due to the fact that so many large corporations have so much invested in their IP, and make so much from it, and the fact that these corporations are so important to the US economy, and hence to the political future of those who matter, it is certain that reverse engineering will remain either illegal or inconveniently legally difficult.

    rr

  • I wonder if the Supreme Court refused to hear the Connectix case because they were waiting for a DMCA case to come along? I would think by deciding not to hear the case that had just been overturned, the Supreme Court was showing support for the appeals court decision and supporting RE, but maybe they just wanted to wait for a bigger fish to fry (DMCA) which I'm sure they'll be reviewing within the next few years...
  • I was thinking of doing a little bit of reverse engineering using OLE/COM to iterate through the various classes, properties, methods and defined constants (in the type libraries and such) then saving them and doing a diff, of sorts, on the file and saving them in a database. Of course it'd probably require a little more human intervention than that, but still...

    Do you think that approach would be enlightening at all? I haven't studied the BIFF specs at all, other than to determine the scope of the documentation. And I certainly haven't put any real time into understanding it. It's just been a thought thus far...
  • I believe MS released the spec for the newer formats and that support for the older formats is indeed based on reverse engineering.
  • by Anoriymous Coward ( 257749 ) on Sunday February 04, 2001 @11:14AM (#457520) Journal
    I'm confused. Possibly so is the author of this article. He seems to imply that UCITA is a pending piece of federal legislation, rather than state legislation. As it is, UCITA appears to be dead and buried in most states (hooray!).

    He draws a line between the Reimerdes and Connectix cases by quoting that Reimerdes "didn't have a right to the DVD". Did he steal it? More confusion.

    Anyway, it seems the 9th Circuit gets overturned all the time, so I wouldn't get too hopeful about this being a positive sign.
  • by AFCArchvile ( 221494 ) on Sunday February 04, 2001 @11:14AM (#457522)
    "Can I reverse-engineer MS Word and write a word processor that can read and save .DOC files?"

    No, because Auntie EULA forbids it, and she'll get uncle Bill and uncle Steve to watch over you if you even try.

  • [...regarding decompiling .class files...]

    Sun hasn't done anything at all about this, they just completely ignore the issue as far as I've seen.

    Maybe I'm just an overly idealistic Slashdot weenie, but I don't see a problem here. In my humble opinion, a user should be able to decompile and examine any code that will be running on his/her machine. Otherwise, every time you run a program, you are trusting the safety and security of your computer, your data, and your network to a pig-in-a-poke.

  • by bugg ( 65930 ) on Sunday February 04, 2001 @12:51PM (#457527) Homepage
    The actual Playstation consoles are - and always have been - sold at a loss.

    That is "common knowledge" yes, but I'm starting to question if that's true in this day and age. Sony is a massive company, they build a lot of things and obtain others in huge quantities.

    To say that they're selling it at a loss is a huge leap of faith. I'd like to see proof of this.

  • by joto ( 134244 ) on Sunday February 04, 2001 @12:58PM (#457528)
    Nope, copyright does...
  • by Speare ( 84249 ) on Sunday February 04, 2001 @01:56PM (#457529) Homepage Journal

    How was the IBM PC reverse engineered?

    IBM sold technical specs, bus pinouts, BIOS ROM assembler source code and other data regarding the first IBM PC, sold in 1980. This was widely available information. I had an IBM binder with all of these items until it was lost in a move a couple years ago.

    IBM was following in the footsteps of Apple ][, which went so far as to publish the schematics of all of their Apple and Apple ][ computers. It was an OPEN architecture.

    IBM knew that the only way to make the machine catch on was to get any hobbyist with a breadboard to make cool new cards to fit inside.

    Now, Compaq rewrote the BIOS from scratch, taking only the interrupt table and register content "API" for compatibility. Since they had an open book with the original source code, that's not "reverse engineering," that's "re-engineering."

    Franklin copied Apple's ROMs verbatim, and were toasted in court for copyright violations.

  • "I reverse engineered quite a few MS file formats (see my out-of-print book Undocumented Windows File Formats)"

    This seems highly unlikely, as I long ago proved that quite a few MS file formats cannot be reverse engineered (see my out-of-print book Reversed Engineering Undocumented Windows File Formats - It Can't Be Done!)

    :-)

  • by Faies ( 248065 ) on Sunday February 04, 2001 @01:02PM (#457531) Homepage
    Let's take a look at the telephone.

    Before Mr. Edison made his new and improved telephone, there was an older version (which, I'm sure, had a patent on it). In order for him to make his own telephone, he either would have to work from scratch, get the details from the company/patent, or get a license. Patents exist, of course, to give the original creator money in compensation for his/her efforts. If a creator does not let others gain access to the technology, a monopoly is essentially created. Should patents be ignored under such circumstances (so we could have a better telephone for example)?

    Whether or not this situation is historically accurate, is it right to do this? (unless there's some stupid patent on the whole concept which happens too much these days anyways)
  • If the Supreme Court re-confirms that reverse engineering is legal, and the distribution of circumvention code is legal under the fair use doctrine...

    wouldn't that basically nuke the RIAA and MPAA back to the stone age???
    ========================
    63,000 bugs in the code, 63,000 bugs,
    ya get 1 whacked with a service pack,
  • First, there are a great many in there that aren't at all printer specific, i.e., headers, footers, basic orientation (i.e., Landscape or Portrait). Second, it's been my experience that Excel doesn't care what printer you have or how it's set up when you use any of these properties, it just does them. If it's too big, small, or unsupported by the printer, you deal with it when you print it, not when you set the properties. Third, Excel files are often used for sharing; just because you can't print on your own doesn't mean you want to leave the document without that formatting. Fourth, that "feature" is NOT documented, at least nowhere in the common sources. Fifth, the error message is obscure; if they're going to restrict you from doing certain things because of the printer, they can tell you just that. The PageSetup issue is just one of many.

    Anyways, the requirement that I both install Excel (and all its dlls) and have a printer installed is sufficient reason to want to avoid COM in certain instances. In one such scenario, I'd like to run it unattended on a server--possibly even on *Nix. In the other, we use it within a widely distributed database application. When the latest and "greatest" Excel version comes out for those applications, we either force the user to use the more outdated version, constantly upgrade and recompile for the latest version, or do other such things--none of which are convenient and reliable. It's been my experience that, while the latest Excel file format may change, they maintain a large amount of backwards compatibility. When the user needs to edit and save, we don't care if they save in the latest format or not.

    The bottom line is that while COM may be good for many things, it has serious drawbacks that can be better answered by other solutions.
  • This is an interesting question, it'll be fun to watch what happens.

    Java is in pretty much the same boat with regards to decompilation. There are Java compilers that can take .class files and spit out valid and VERY readable Java source code (basically you only lose the comments and the original names of any member-local variables). Sun hasn't done anything at all about this, they just completely ignore the issue as far as I've seen. There are obfuscators that do a pretty good job of confusing the available automatic decompilers, but none of them are from Sun or officially sanctioned (and they tend to cause 'odd' Java code which seems more likely to break JVMs).

    Of course, Java has been primarily a server side technology, so it's not as much of an issue... With .NET Microsoft is currently targeting the server mainly but I agree it will be interesting to see what happens in the future. Will they actually release an MSIL of Office 11 (or whatever), knowing that it could be decompiled into fairly readable C#? Not likely.

  • There is no need for a lawsuit. The threat of nuclear war and incurable man-made disease is enough.

  • by acarey ( 34175 ) on Sunday February 04, 2001 @11:15AM (#457538)
    (Others may want to correct any huge mistakes I make in my analysis...)

    My understanding is that all .NET-capable languages are compiled to MSIL ("Microsoft Intermediate Language") which is _not_ machine-specific, nor is it as low-level even as Java's bytecodes; it is quite human-readable (calls like System.Console.Print etc. are in the clear; variable and memory accessor functions however are done via registers) and readily reversible. This MSIL can then be just-in-time compiled to machine-specific code by the MSIL VM.

    As of Visual Studio Beta 1, MS were non-committal on how they were going to handle reverse-engineering issues, since it's a whole heap easier to do that now than ever (well, ever since VB 2, anyway, which also wrote out its code in the clear).

    Presumably they will have to come up with a strategy that lets the developer target x86 at build time, rather than MSIL...?

    Cheers
    Alastair
  • I see a lot of Anti-DMCA and related talk on Slashdot, but it's not clear what the next step beyond talk is. What is being done to repeal the DMCA? Are there technology-savvy lawyers out fighting battles for us, and if not, are any reading this message?

    Also, how enforceable has the DMCA been? There are lots of activities that could fall under its protection that have not yet been shut down. For example, those in the emulation world have just figured out how to break CPS2 encryption used in many modern Capcom arcade games. It seems that this would be illegal under the DMCA. How many times has it been put to use against reverse engineers / hackers?

    Captain_Frisk
  • by Anonymous Coward on Sunday February 04, 2001 @11:17AM (#457541)
    Physicists, chemists and biologists have been reverse-engineering the world for centuries, and yet God didn't file a lawsuit. I take it as an endorsement of reverse-engineering by God himself.
  • by kaosmunkee ( 198798 ) on Sunday February 04, 2001 @11:20AM (#457542)
    From PlanetIT article:

    "The Reimerdes case dealt with somebody who didn't have a right to the DVD but was cracking through it to get the code, whereas the Connectix case dealt with a situation where a company was legally entitled to be using the code and reverse-engineering it for purposes of interoperability."

    Keith Kupferschmid, intellectual property counsel at the Software and Information Industry Association

    I may be missing something here, but I don't see the distinction. PlayStation is a proprietary platform. PlayStation games were built to run on that platform. bleem! was written to allow people who had purchased a license to a PlayStation game to play it on some platform other than PlayStation.

    DVD players are a proprietary platform (because of the "decryption" code they contain). DVD's are built (encoded) to be played on that platform. DeCSS was written to allow people who had purchased a license to a DVD movie to play it on some platform other than a commercial DVD player.

    Am I missing something here?

    --Kaos
  • I dunno, sometimes I lie awake at night wondering if the powers that be really understand the decisions they make. Given all other decisions I see, I can't understand how reverse engineering can be legal. I have talked with big companies that use the "cold room" technique for reverse engineering. Engineers in a room totally separated from the technology develop the usually unprotected equivalent. I just dunno.

    -Moondog
  • by istartedi ( 132515 ) on Sunday February 04, 2001 @02:37PM (#457550) Journal

    RE presents a unique opportunity: A facility for determining a natural expiration on copyright.

    The duration of copyright is arbitrary. Some have suggested that the duration of copyright for software be shortened, but it would still be arbitrary.

    Unlike music, literature, and other copyrighted works, software has a distinguishing property. It is possible to create a program that works exactly as the original without copying the original.

    Thus, the time that it takes to reverse engineer a piece of software establishes a natural duration for the copyright on the original. This is not to say that we should revoke copyright on the original once a RE has occurred. It simply says that RE renders the copyright on the original somewhat moot. If the RE product is distributed gratis, the money value of the original copyright is eliminated.

    To a certain extent, this is already the way things are. So, if RE is legal (so long as it doesn't involve actual reuse of copyrighted code) I have no problem with it. Under such circumstances, the Free Software community takes on the job of establishing the natural duration of copyright in a free market.

    Of course now I will probably hear from some people who don't believe in a natural right to IP; but I do, and so do a lot of other people. It is unlikely we will ever agree on that issue, but perhaps we can agree to RE as a standard for limiting copyright.

  • Compaq (and later Phoenix) reverse engineered the BIOS without looking at IBM's ROM listings. (The listings were there to make the machine hacker-friendly.) The IBM publications were not "open source" by any means -- using IBM's ROM code would have required a licence.

    Ironically, IBM Microelectronics (a different division than the PC group) was under a court order to cheaply licence all patents it held. This meant that most "clones" used and still use IBM-licenced technology, prime examples being the ISA bus and VGA video. IBM gets a couple bucks back for every non-IBM PC sold, so they aren't complaining too much about it.
    --
  • You legally could inside the EU!
    Where it's allowed to reverse engineer to make 2 programs work together ..
  • by Pedrito ( 94783 ) on Sunday February 04, 2001 @11:28AM (#457555)
    I reverse engineered quite a few MS file formats (see my out-of-print book Undocumented Windows File Formats) and never had any hassles from MS regarding the reverse engineering.

    In fact, MS tried to hire me to provide them with the specs for one of their file formats. Apparently the author of the code never documented the file format. MS had released specs for it, but they were completely wrong.

    After being told by several friends that MS was notorious for delaying payment with contractors, I asked for half the money up-front. They refused and I never did the work.

    But I digress. I reverse engineered a number of file formats that were "proprietary" Microsoft files. If they're going to go after anyone for it, surely they would have gone after me since I was publishing them left and right in magazines and my book.

    I've figured ever since then that MS must have known that the whole thing about reverse engineering in their licenses must be unenforceable.

    You can also look at all the work Andrew Schulman and Matt Pietrek did reverse engineering Windows code and the PE file format and neither of them ever got hassled either, as far as I know.

    Pete Davis
