__Is reverse engineering legal?__
Version November 1998
[European Union's laws]
~ [United States' laws] ~
[Why we crack]
[The 'legal scarecrow' saga] ~
[Intellectual Property Protection]
Additions and slightly different positions
1) The+Starling's essay
Reverse engineering a program you have legitimately bought and studying or modifying
its code is perfectly LEGAL, at
least in the European Union, as long as
* You do it only for your personal use or for "educational purposes" (i.e. study)
* You do not use big chunks of the code for applications you SELL
You may for instance completely
modify Wordpad for your personal use, as I did, in order to have as defaults *.txt,
*.alf and *.asm instead of the almost useless *.doc
You may rip off whatever code
you want from whichever application you want in order to use it, modify it, squash it
with a mace or throw it away :-)
Well, let's demonstrate it... here is the law:
European Union Directive, (Software Copyright Protection) 14 May 1991:
Article 6: Decompilation
1. The authorization of the rightholder shall not be required where reproduction of the
code and translation of its form within the meaning of Article 4 (a) and (b) are
indispensable to obtain the information necessary to achieve the interoperability
of an independently created computer program with other programs, provided that
the following conditions are met:...
This, translated, means that you do not need "the authorization of the rightholder" like you would for 4a (temporary
reproduction of a program) or 4b (translation, adaption, arrangement and any other alteration of a program) if this is
necessary to debug and/or run the crap you have bought. The "following conditions" are that you do it yourself and
only insofern as you deem to need it really.
Note -what's even MORE important for reverse engineering- that
at article 5 there are some EXCEPTIONS to
the restricted acts:
Article 5: Exceptions to the restricted acts
1. In the absence of specific contractual provisions, the acts referred to in
Article 4 (a) and (b) shall not require authorization by the rightholder
where they are necessary for the use of the computer program by the lawful
acquirer in accordance with its intended purpose, including for error correction.
2. The making of a back-up copy by a person having a right to use the
computer program may not be prevented by contract insofar as it is
necessary for that use.
3. The person having a right to use a copy of a computer program shall be
entitled, without the authorization of the rightholder, to observe, study
or test the functioning of the program in order to determine the ideas
and principles which underlie any element of the program if he does so
while performing any of the acts of loading, displaying, running,
transmitting or storing the program which he is entitled to do.
Quite right! Obviously there cannot be a "looking under the cover is forbidden" policy, which would lame all
technical development (it's already lamed enough like it is now),
therefore you may observe, study or test
the functioning of any program you fancy (the reason is
that they could not have forbidden it anyway :-) sipping your favourite Martini
There is another point at art.7.1.(c) that refers to "technical devices which may have been applied to protect
a computer program", which could be of interest for us:
...Member States shall provide, in accordance with their national
legislation, appropriate remedies against a person committing...
(c) any act of putting into circulation, or the possession for commercial purposes
of, any means the sole intended purpose of which is to facilitate the unauthorized
removal or circumvention of any technical device which may have been applied to
protect a computer program.
But this refers -at most- to dongles-cracking and it is clearly intended for mass-burning of pirated cd-roms (which BTW is a
big industry in the far East and in the Ex-Yugoslavian Lilliput states)
US law seems to be more restrictive (which is obvious, given the way our planet is ruled,
since the States lead themselves the software industry and therefore
defend their own interests... software protection laws will probably be much
more permissive only when the
new software will
be mainly produced by the poor countries), see, for the differences between
European Union's laws and US' laws , the articles at
http://www.woodmann.net/fravia
Here is an interesting snippet about disassembling and law in the States, 1992
Disassembly of Object Code
Sega v. Accolade, decided by the Ninth Circuit in 1992, makes clear that, in certain instances, the unauthorized
disassembly of a computer program's object code in order to derive source code is not a copyright infringement. The Ninth
Circuit applied the 'fair use' balancing test to determine that Accolade's use of reverse engineering techniques to produce an
'intermediate copy' of Sega's source code did not constitute copyright infringement. Accolade never distributed the
intermediate copy commercially, but instead used it only to extract unprotectable ideas Ñ a sequence of bytes which act as a
software key Ñ from Sega's game program. This key was then incorporated into Accolade's games, enabling them to 'unlock'
and run on Sega's game platforms. The court cautioned, however, that disassembly involves the making of a literal copy of a
program, and it is permissible only when necessary to extract the unprotectable ideas. It is unclear how far this fair use right
extends.
This brings us nowhere... the whole subject seems pretty unregolated as for now... it would be worth to
examine and "reverse engineer" (if you are a lawyer or a specialist in applied semantics) the various
"scarecrow" information that we always find inside all software packages... some of them are so severe
and unpolite that seem written
by an Orwellian fanatic or a "Farenheit 451" follower :-). See below about this aspect.
WHY WE CRACK
Now the "why we crack" part: We are defeating mainly copy protection schemes (but see my two lessons
on how to completely reverse engineer a Windows 3.1 application) bacause that's fun, and
this way
we can get a lot of people on the bandwagon, for the challenge, and because we believe
firmly that every knowledge (in fact I believe everything) should be free (in the web and in the whole world)... but we
are doing NOTHING at all compared with that what is really happening around you:
Every program you can think of can be found on the web, (in
thousand different ftps) in
its COMPLETE version many WEEKS before it ever appears in the best shops, as everyone
with intelligence level "eggplant" soon discovers.
There are obviously differences among
all the stupid countries of the planet...
You may want to have a look
here in order to
consider where you would be able to buy/produce pirated software or where you should install your server for more "aimed" reverse
engineering activities or whatever:-) Besides, since there are "money" and "tax" paradises (and -how funny- nobody makes much
fuss about that), why shouldn't there exist "software" paradises? (Obvious answer: because money paradises are useful for the rich, software
paradises would be useful for the poor :-(
And that's the huge "illegal"
part of it, but there is also a huge "legal" pirating (forced by the fierce
concurrence in the software market and by the mere existence of the warez scene on the Web):
Programs and applications are being now sold on Magazine's CD-ROMs IN THEIR COMPLETE
VERSION few months after their first appearence for next to nothing... this began in Europe 5 months
ago and the rithmus
(and the quality of the software) has increased enormously: I saw some days ago Panzer general 2 complete (CD Player n.19), Ticonderoga
complete (both not at all so old games: late 1996!) Database 5 and the
whole Lotus set '97 complete and unrestricted (PcPlus 35b, with the
complete Borland Delphi 1 and the complete "ImagePals" as well)
on various magazine's cd-rom. The same Lotus set was, for instance, sold in its boxes at the
software retailer for TWENTY times the magazine price, it may sound illogic, but it is
exactly so... Lotus is scared dead to disappear (thanks to the Micro$oft war against all
other software producers... funny, there never seem to be any law against this kind of
actions , btw :-( and Lotus is therefore compelled, like Netscape,
to give away for free its software just in order to survive... yet even these magazines with 600 megabytes of good software on them every
month are selling less and less (hence the fierce concurrence) because everything is already on
the web for free...
And all this is only the top of the Iceberg: Hundred of THOUSAND of
BBS all around the world push around tons of Megabytes of pirated software, which to day you
may easily burn on cd-roms in order to distribute them at your friends on your birthday
party. Cheaper than buying a cake
And that was for the big commercial" software
companies.
Shareware programmers are NOT damaged by good crackers (who study assembly and are mostly
programmers themselves) but by themselves, when they program with useless overbloated languages
huge toy-applications and by "serial numbers aficionados", people that
prepare and distribute huge lists with millions of validation codes that you can find everywhere
on the web.
On our pages there is not a single pirated copy of software... we do not need pirated copies
since we are able to crack them in spades anytime we fancy (or to fetch them immediately from
the web... we don't even need to keep programs on our harddisk any more, would be like
hoarding leaves in a forest) besides we do not even care much for the software we crack... in fact (apart our
beloved Softice) we are much more interested in the protection schemes themselves than in
the software they protect, which most of the time is pure crap. As you'll see in some examples
of +ORC's tutorial and in many students' essays, we even AMELIORATE the programs we crack.
We do
not steal, we study, and the software development will soon depend (and in part depends already)
from the capacities that we (and almost nobody else) are developing: who else if not a
cracker will in few years time be able to compact and ameliorate already existing, lame applications?
I believe the society is already changing, and in my opinion the fact that you
have worked in something like the +HCU will soon open you quite a lot of doors :-)
As you'll read on the (very important)
student page, one of our problems, is that
the protection schemes are (mostly) incredibly stupid. That's why we have decided to
begin writing and devising much stronger protection schemes ourselves... for the challenge and in order
to improve ourselves, seen that the commercial programmers are
not able to give us any "cheap thrills" any more... how could they? Most programmers
seem to work
for useless money, not for the (very important) pleasure, nor for the only thing that really
matters in this new age we are already in: knowledge!
You may want to have a look at some programmers' discussions in my counter
intelligence section, at some advices for programmers in my How to protect better and
programmers' corner sections.
THE SCARECROW AGREEMENT SAGA
('Legal scarecrow' agreements are NOT legally binding)
Most licence agreement (that thing that you click "I agree" on and never read,
where you agree to give up your first born child and let your sister be
sold as a slave :-) include a clause that prohibits reverse engineering. A couple of
examples...
IF YOU AGREE TO THE DISCLAIMER AND LICENSE YOU MAY:
(i) use this software on as many computers as you wish at no charge for
up to but no more than 30 days. After 30 days of use you must either
discontinue the use of this software or purchase a registered version
for each computer that you are going to use this software on.
YOU MAY NOT:
(i) sublicense, rent, sell, or lease any portion of this software;
(ii) reverse engineer, decompile, disassemble, modify, translate,
make any attempt to discover the source code of this software, or
create derivative works from this software; or
(ii) continue use of this software after your 30 day trial.
DISCLAIMER OF DAMAGES:
We have made every effort possible to ensure that this software is free
of any bugs or errors, however in no way is this software to be considered
error or bug free. By using this software you assume all responsibility
for any damages or lost data that may result from any errors or bugs in
this software. Regardless of whether any remedy set forth herein fails
of its essential purpose, in no event will our Software house be liable
to you for any special, consequential, indirect or similar damages,
including any lost profits or lost data arising out of the use or inability
to use this software...
Note that you should not "reverse engineer, decompile, disassemble, modify, translate,
make any attempt to discover the source code", as if the source code of a
software product were a 'private secret' that third parties are not even
allowed to examine...
Here another example:
You may not:
* permit other individuals to use the Software except under the
terms listed above;
* permit concurrent use of the Software;
* modify, translate, reverse engineer, decompile, disassemble or
create derivative works based on the Software;
* copy the Software other than as specified above;
* rent, lease or otherwise transfer rights to the Software; or
* remove any proprietary notices or labels on the Software.
TITLE
Title, ownership rights, and intellectual property rights in the
Software shall remain in Our Software house and/or its
suppliers.
The Software is protected by the copyright laws and treaties.
Title and related rights in the content accessed through the Software
is the property of the applicable content owner and may be pro-
tected by applicable law. This License gives you no rights to
such content.
TERMINATION
The license will terminate automatically if you fail to comply
with the limitations described herein. On termination, you must
destroy all copies of the Software and Documentation.
Here there seems to be an interesting possibility. I reverse the
software. License has been violated and terminate. I then destroy
all copies of the software, and have then respected the licence. And so
on ab absurdo. Like the never-ending sentence
"All crackers are liers, lied the cracker".
OK, it is clear that such 'scarecrow' agreements are as
funny and
preposterous as you wish, yet of course NOT legally binding. Let's
demonstrate it ab absurdo: If they were legally binding, then ANY
agreement of this sort would be, and then anyone, you or me,
could prepare on his own a small program (I promise that I'll really
write it myself as soon
as I find the time) that acts as a small 'wrapper' for all this kind
of software (I really wish that a good lawjer will correct this
in
order to make our own 'legal scarecrows' even more dangerous-looking than
those used by some softwarehouses...):
Your software is entering my private computer.
By trespassing this memory point you agree to allow complete possession
of your software to the legitime owner of this computer, and specifically
you completely and irrevocabily agree to allow
any modify, translate, reverse engineer, decompile, disassemble or
create derivative works based on this Software that
the legitime owner of this memory fancies.
You also declare as void and inexistent any
other conditions/agreements regarding your software that may preposterously
be triggered by your software inside
the RAM hosting you.
Finally you accept also COMPLETE RESPONSABILITY for any malfunctioning your
software will have caused to the owner of the hardware you are allow
to visit -take note- ONLY if you accept this.
If you don't wish to accept these conditions, please leave immediatly this private
memory and completely remove you software from this private hardware.
By trespassing this memory point you have completely agreed to the above. [add
date with hours, minutes and seconds here] + [Sign with the version name of the
software]
.
Ab absurdo, as I said... yet, see, either both "agreements" are valid or neither
is... you cannot have the cake and eat it.
I would say that we could keep it this way: anyone
may reverse the hell out of everything, provided he does not steal or sell
alien code.
The only binding texts are the NATIONAL LAWS governing software
reversing and we have already seen that 'at least in the European
Union): 5(3): 3. The person having a right to use a copy of a computer program shall be
entitled, without the authorization of the rightholder, to observe, study
or test the functioning of the program in order to determine the ideas
and principles which underlie any element of the program if he does so
while performing any of the acts of loading, displaying, running,
transmitting or storing the program which he is entitled to do..
And that's it, if you want to have a look at OTHER METHODS to avoid this legal
hassle, have a look at my short essay Scarecrow license agreements and how to defeat them.
INTELLECTUAL PROPERTY PROTECTION
(Patents, Trade secrets, copyrights and trademarks)
Patents for new ideas and designs, are registered in the Public record at the Patent Office
Some encryption algorithms (like the RSA Public-Key algorithm) are patented.
Trademarks are not a problem if you write somewhere the following
(I'm writing it here and yet it covers my whole site! :-)
All Fravia products and scripts are trademarks or registered trademarks of
Fravia.
Other brand and product names are trademarks or registered trademarks of
their respective holders
And that's all.
Trade secrets are information of a given company that give competitive advantages, like
the CocaCola recipe.
To protect against revealing other people secrets when you publish information
gained from others (like I do continuously, for instance, on my student
page), you better write the following somewhere:
All authors whose scripts are accepted for publishing on Fravia's site
warrant and represent that their work is original; that the author is either
its sole author, or that he or she has the legal power to make this agreement
if there are coauthors and that he or she has notified the co-authors of this
agreement; and that the work does not impair anyone else's rights of any kind.
The author agrees to indemnify Fravia against loss or damage (including
reasonable attorney's fees) arising out of any claim alleging a breach of
these warranties and representations.
And that's all following some european attorneys, it's not enough following some
american ones (please write me more :-).
Copyright on everything one's write is automatically
created at the time you create an original work, provided you add somewhere
on your site the following:
Copyright (c) 1995, 1996, 1997, 1998, 1999 Fravia. All rights reserved
Which I do here :-)
Theoretically, after having written all what you can read above, noone should be
able to use any part of my site without asking for permission or paying me royalties,
unfortunately, given some of the subjects of my site, I doubt that I would
find a court able to help much in case of a claim of mine :-)
You are deep inside Fravia's page of reverse engineering,
choose your way out:
homepage
links
anonymity
+ORC
students' essays
toolscocktails
search_forms
antismut
mailFravia
(c) Fravia 1995, 1996, 1997, 1998. All rights reserved