Legal Reverse engineering of software

[gbtami]

Many are using the term RE (reverse engineering) improperly, thus confusing the issues. Legal RE is a process not a task. If you cut the process short and stop with the task, it is illegal.

Legal Process of RE:
1) Hire a software engineer to disassemble and decompile a binary executable.
2) The same engineer learns from this decompiled code.
3) The same engineer writes a paper/book in a human spoken language (such as English, French, Dutch, German ...) on what is in the program and how it works without including any code at all.
4) The same engineer is now removed from the project completely.
5) The paper/book is now given to another engineer or team of engineers that do not have any access to the first engineer and they don't have any access to the decompiled/disassembled code.
6) The engineer/team reads and learns from the paper/book description of how the original program works to get an understanding of how it works.
7) The new engineer/team creates a completely new program based on that understanding of how the old program works without ever seeing any of the decompiled or disassembled code.

That is it in a nutshell.

With Robbo/Ippo, those that reuse the decompiled source code are doing something illegal - here I mean grab Robbo/Ippo and use it as the starting point for your program and tweak it. If your RE process is tasks 1 and 2 skipping the rest, then it is illegal.

Given that nodoby has written a report on its inner workings, the rest can only read it for abstract ideas. Then they can come up with their own coding of those abstract ideas in their own programs which they started from scratch.

Sorry, but it is totally false (at least in EU). The RE of a software is only allowed in two, limited, cases:

1- if you are a customer (not a competitor), with a valid license of the program. Then you are allowed to decompile it in order to understand it and satisfy your curiosity. You are totally forbidden to disclose your findings. (So your 3rd, 5th, 6th and 7th point are totally illegal).
2- for interoperability: if you are a competitor and need to interface your own program with the other program (and this is only allowed IF this other program is not documented enough).

The poor engineer you hired would be in jail very fast. And you too. Just like you can't hire a hit-man. Or more exactly you can, but this is illegal.

That's the way it works in the US as well. If you use RE to look inside, writing it down and passing it on does NOT avoid legal problems. I think Charles is trying to describe "clean room" where you can take the program, but only give it input and look at the resulting output, and use THAT to write a new program. Once you look inside, you have gone too far if you make that information public.

There is a loophole, just release your findings anonymous. That way you are clear. Thus there is no Law really.

If you kill someone anonymous, you feel you are clear?

[Milos]

So you think if you hire a killer outside of your country, your hands are clear?

Equaling reverse engineering and murder is a great example of:

hypocritical code purists and moralist.

To avoid stupid analogies maybe you should consider reading this first.

[gbtami]

So you think if you hire a killer outside of your country, your hands are clear?

Equaling reverse engineering and murder is a great example of:

hypocritical code purists and moralist.

To avoid stupid analogies maybe you should consider reading this first.

You get the point. (No)

[h1a8]

Many are using the term RE (reverse engineering) improperly, thus confusing the issues. Legal RE is a process not a task. If you cut the process short and stop with the task, it is illegal.

Legal Process of RE:
1) Hire a software engineer to disassemble and decompile a binary executable.
2) The same engineer learns from this decompiled code.
3) The same engineer writes a paper/book in a human spoken language (such as English, French, Dutch, German ...) on what is in the program and how it works without including any code at all.
4) The same engineer is now removed from the project completely.
5) The paper/book is now given to another engineer or team of engineers that do not have any access to the first engineer and they don't have any access to the decompiled/disassembled code.
6) The engineer/team reads and learns from the paper/book description of how the original program works to get an understanding of how it works.
7) The new engineer/team creates a completely new program based on that understanding of how the old program works without ever seeing any of the decompiled or disassembled code.

That is it in a nutshell.

With Robbo/Ippo, those that reuse the decompiled source code are doing something illegal - here I mean grab Robbo/Ippo and use it as the starting point for your program and tweak it. If your RE process is tasks 1 and 2 skipping the rest, then it is illegal.

Given that nodoby has written a report on its inner workings, the rest can only read it for abstract ideas. Then they can come up with their own coding of those abstract ideas in their own programs which they started from scratch.

Sorry, but it is totally false (at least in EU). The RE of a software is only allowed in two, limited, cases:

1- if you are a customer (not a competitor), with a valid license of the program. Then you are allowed to decompile it in order to understand it and satisfy your curiosity. You are totally forbidden to disclose your findings. (So your 3rd, 5th, 6th and 7th point are totally illegal).
2- for interoperability: if you are a competitor and need to interface your own program with the other program (and this is only allowed IF this other program is not documented enough).

The poor engineer you hired would be in jail very fast. And you too. Just like you can't hire a hit-man. Or more exactly you can, but this is illegal.

That's the way it works in the US as well. If you use RE to look inside, writing it down and passing it on does NOT avoid legal problems. I think Charles is trying to describe "clean room" where you can take the program, but only give it input and look at the resulting output, and use THAT to write a new program. Once you look inside, you have gone too far if you make that information public.

There is a loophole, just release your findings anonymous. That way you are clear. Thus there is no Law really.

If you kill someone anonymous, you feel you are clear?

Depends.
But you get my point right?