Reverse Engineering Legality?
Is Reverse Engineering Legal?
Reverse engineering a program you have legitimately bought and studying or modifying its code is perfectly LEGAL, at least in the European Union, as long as:
- You do it only for your personal use or for "educational purposes" (i.e. study)
- You do not use big chunks of the code for applications you SELL
You may rip off whatever code you want from whichever application you want in order to use it, modify it, squash it with a mace or throw it away :-) If you're interested in learning reverse engineering, there is a great article here at GuidedHacking.com
Well, let's demonstrate it... here is the law:
Article 6: Decompilation
1. The authorization of the rightholder shall not be required where reproduction of the
code and translation of its form within the meaning of Article 4 (a) and (b) are
indispensable to obtain the information necessary to achieve the interoperability
of an independently created computer program with other programs, provided that
the following conditions are met:...
This, translated, means that you do not need "the authorization of the rightholder" like you would for 4a (temporary reproduction of a program) or 4b (translation, adaption, arrangement and any other alteration of a program) if this is necessary to debug and/or run the crap you have bought. The "following conditions" are that you do it yourself and only in so far as you deem to need it really.
Note -what's even MORE important for reverse engineering- that at article 5 there are some EXCEPTIONS to the restricted acts:
Article 5: Exceptions to the restricted acts
1. In the absence of specific contractual provisions, the acts referred to in Article 4 (a) and (b) shall not require authorization by the rightholder where they are necessary for the use of the computer program by the lawful acquirer in accordance with its intended purpose, including for error correction.
2. The making of a back-up copy by a person having a right to use the computer program may not be prevented by contract insofar as it is necessary for that use.
3. The person having a right to use a copy of a computer program shall be entitled, without the authorization of the rightholder, to observe, study or test the functioning of the program in order to determine the ideas and principles which underlie any element of the program if he does so while performing any of the acts of loading, displaying, running, transmitting or storing the program which he is entitled to do.
Quite right! Obviously there cannot be a "looking under the cover is forbidden" policy, which would lame all technical development (it's already lamed enough like it is now), therefore you may observe, study or test the functioning of any program you fancy (the reason is that they could not have forbidden it anyway :-) sipping your favourite Martini
There is another point at art.7.1.(c) that refers to "technical devices which may have been applied to protect a computer program", which could be of interest for us:
...Member States shall provide, in accordance with their national legislation, appropriate remedies against a person committing... (c) any act of putting into circulation, or the possession for commercial purposes of, any means the sole intended purpose of which is to facilitate the unauthorized removal or circumvention of any technical device which may have been applied to protect a computer program.
But this refers -at most- to dongles-cracking and it is clearly intended for mass-burning of pirated cd-roms (which BTW is a big industry in the far East and in the Ex-Yugoslavian Lilliput states)
US law seems to be more restrictive (which is obvious, given the way our planet is ruled, since the States lead themselves the software industry and therefore defend their own interests... software protection laws will probably be much more permissive only when the new software will be mainly produced by the poor countries), see, for the differences between European Union's laws and US' laws
Here is an interesting snippet about disassembling and law in the States, 1992
Disassembly of Object Code
Sega v. Accolade, decided by the Ninth Circuit in 1992, makes clear that, in certain instances, the unauthorized disassembly of a computer program's object code in order to derive source code is not a copyright infringement. The Ninth Circuit applied the 'fair use' balancing test to determine that Accolade's use of reverse engineering techniques to produce an 'intermediate copy' of Sega's source code did not constitute copyright infringement. Accolade never distributed the intermediate copy commercially, but instead used it only to extract unprotectable ideas - a sequence of bytes which act as a software key - from Sega's game program. This key was then incorporated into Accolade's games, enabling them to 'unlock' and run on Sega's game platforms. The court cautioned, however, that disassembly involves the making of a literal copy of a program, and it is permissible only when necessary to extract the unprotectable ideas. It is unclear how far this fair use right extends.
This brings us nowhere... the whole subject seems pretty unregulated as for now... it would be worth to examine and "reverse engineer" (if you are a lawyer or a specialist in applied semantics) the various "scarecrow" information that we always find inside all software packages... some of them are so severe and unpolite that seem written by an Orwellian fanatic or a "Fahrenheit 451" follower :-). See below about this aspect.
Now the "why we crack" part: We are defeating mainly copy protection schemes (but see my two lessons on how to completely reverse engineer a Windows 3.1 application) because that's fun, and this way we can get a lot of people on the bandwagon, for the challenge, and because we believe firmly that every knowledge (in fact I believe everything) should be free (in the web and in the whole world)... but we are doing NOTHING at all compared with that what is really happening around you:
Every program you can think of can be found on the web, (in thousand different ftps) in its COMPLETE version many WEEKS before it ever appears in the best shops, as everyone with intelligence level "eggplant" soon discovers.
There are obviously differences among all the stupid countries of the planet... You may want to have a look here in order to consider where you would be able to buy/produce pirated software or where you should install your server for more "aimed" reverse engineering activities or whatever:-) Besides, since there are "money" and "tax" paradises (and -how funny- nobody makes much fuss about that), why shouldn't there exist "software" paradises? (Obvious answer: because money paradises are useful for the rich, software paradises would be useful for the poor :-(
And that's the huge "illegal" part of it, but there is also a huge "legal" pirating (forced by the fierce concurrence in the software market and by the mere existence of the warez scene on the Web):
Programs and applications are being now sold on Magazine's CD-ROMs IN THEIR COMPLETE VERSION few months after their first appearance for next to nothing... this began in Europe 5 months ago and the rithmus (and the quality of the software) has increased enormously: I saw some days ago Panzer general 2 complete (CD Player n.19), Ticonderoga complete (both not at all so old games: late 1996!) Database 5 and the whole Lotus set '97 complete and unrestricted (PcPlus 35b, with the complete Borland Delphi 1 and the complete "ImagePals" as well) on various magazine's cd-rom. The same Lotus set was, for instance, sold in its boxes at the software retailer for TWENTY times the magazine price, it may sound illogic, but it is exactly so... Lotus is scared dead to disappear (thanks to the Micro$oft war against all other software producers... funny, there never seem to be any law against this kind of actions, btw :-( and Lotus is therefore compelled, like Netscape, to give away for free its software just in order to survive... yet even these magazines with 600 megabytes of good software on them every month are selling less and less (hence the fierce concurrence) because everything is already on the web for free...
And all this is only the top of the Iceberg: Hundreds of THOUSANDS of BBS all around the world push around tons of Megabytes of pirated software, which today you may easily burn on cd-roms in order to distribute them at your friends on your birthday party. Cheaper than buying a cake
And that was for the big "commercial" software companies. Shareware programmers are NOT damaged by good crackers (who study assembly and are mostly programmers themselves) but by themselves, when they program with useless overbloated languages huge toy-applications and by "serial numbers aficionados", people that prepare and distribute huge lists with millions of validation codes that you can find everywhere on the web.
On our pages there is not a single pirated copy of software... we do not need pirated copies since we are able to crack them in spades anytime we fancy (or to fetch them immediately from the web... we don't even need to keep programs on our harddisk any more, would be like hoarding leaves in a forest) besides we do not even care much for the software we crack... in fact (apart our beloved Softice) we are much more interested in the protection schemes themselves than in the software they protect, which most of the time is pure crap. As you'll see in some examples of +ORC's tutorial and in many students' essays, we even AMELIORATE the programs we crack.
We do not steal, we study, and the software development will soon depend (and in part depends already) from the capacities that we (and almost nobody else) are developing: who else if not a cracker will in few years time be able to compact and ameliorate already existing, lame applications? I believe the society is already changing, and in my opinion the fact that you have worked in something like the +HCU will soon open you quite a lot of doors :-)
As you'll read on the (very important) student page, one of our problems, is that the protection schemes are (mostly) incredibly stupid. That's why we have decided to begin writing and devising much stronger protection schemes ourselves... for the challenge and in order to improve ourselves, seen that the commercial programmers are not able to give us any "cheap thrills" any more... how could they? Most programmers seem to work for useless money, not for the (very important) pleasure, nor for the only thing that really matters in this new age we are already in: knowledge!
You may want to have a look at some programmers' discussions in my counter intelligence section, at some advices for programmers in my How to protect better and programmers' corner sections.
THE SCARECROW AGREEMENT SAGA
('Legal scarecrow' agreements are NOT legally binding)
Most licence agreement (that thing that you click "I agree" on and never read, where you agree to give up your first born child and let your sister be sold as a slave :-) include a clause that prohibits reverse engineering. A couple of examples...
IF YOU AGREE TO THE DISCLAIMER AND LICENSE YOU MAY: (i) use this software on as many computers as you wish at no charge for up to but no more than 30 days. After 30 days of use you must either discontinue the use of this software or purchase a registered version for each computer that you are going to use this software on.
YOU MAY NOT: (i) sublicense, rent, sell, or lease any portion of this software; (ii) reverse engineer, decompile, disassemble, modify, translate, make any attempt to discover the source code of this software, or create derivative works from this software; or (ii) continue use of this software after your 30 day trial.
DISCLAIMER OF DAMAGES: We have made every effort possible to ensure that this software is free of any bugs or errors, however in no way is this software to be considered error or bug free. By using this software you assume all responsibility for any damages or lost data that may result from any errors or bugs in this software. Regardless of whether any remedy set forth herein fails of its essential purpose, in no event will our Software house be liable to you for any special, consequential, indirect or similar damages, including any lost profits or lost data arising out of the use or inability to use this software...
Note that you should not "reverse engineer, decompile, disassemble, modify, translate, make any attempt to discover the source code", as if the source code of a software product were a 'private secret' that third parties are not even allowed to examine...
Here another example:
You may not:
* permit other individuals to use the Software except under the terms listed above;
* permit concurrent use of the Software;
* modify, translate, reverse engineer, decompile, disassemble or create derivative works based on the Software;
* copy the Software other than as specified above;
* rent, lease or otherwise transfer rights to the Software; or
* remove any proprietary notices or labels on the Software.
TITLE
Title, ownership rights, and intellectual property rights in the Software shall remain in Our Software house and/or its suppliers. The Software is protected by the copyright laws and treaties. Title and related rights in the content accessed through the Software is the property of the applicable content owner and may be protected by applicable law. This License gives you no rights to such content.
TERMINATION
The license will terminate automatically if you fail to comply with the limitations described herein. On termination, you must destroy all copies of the Software and Documentation.
Here there seems to be an interesting possibility. I reverse the software. License has been violated and terminate. I then destroy all copies of the software, and have then respected the license. And so on ab absurdo. Like the never-ending sentence "All crackers are liars, lied the cracker".
OK, it is clear that such 'scarecrow' agreements are as funny and preposterous as you wish, yet of course NOT legally binding. Let's demonstrate it ab absurdo: If they were legally binding, then ANY agreement of this sort would be, and then anyone, you or me, could prepare on his own a small program (I promise that I'll really write it myself as soon as I find the time) that acts as a small 'wrapper' for all this kind of software (I really wish that a good lawyer will correct this in order to make our own 'legal scarecrows' even more dangerous-looking than those used by some software houses...):
Your software is entering my private computer. By trespassing this memory point you agree to allow complete possession of your software to the legitimate owner of this computer, and specifically
you completely and irrevocably agree to allow any modify, translate, reverse engineer, decompile, disassemble or create derivative works based on this Software that the legitimate owner of this memory fancies.
You also declare as void and inexistent any other conditions/agreements regarding your software that may preposterously be triggered by your software inside the RAM hosting you.
Finally you accept also COMPLETE RESPONSIBILITY for any malfunctioning your software will have caused to the owner of the hardware you are allowed to visit -take note- ONLY if you accept this.
If you don't wish to accept these conditions, please leave immediately this private memory and completely remove your software from this private hardware.
By trespassing this memory point you have completely agreed to the above. [add date with hours, minutes and seconds here] + [Sign with the version name of the software]
Absurd, as I said... yet, see, either both "agreements" are valid or neither is... you cannot have the cake and eat it.
I would say that we could keep it this way: anyone may reverse the hell out of everything, provided he does not steal or sell alien code.
The only binding texts are the NATIONAL LAWS governing software reversing and we have already seen that (at least in the European Union): 5(3): 3. The person having a right to use a copy of a computer program shall be entitled, without the authorization of the rightholder, to observe, study or test the functioning of the program in order to determine the ideas and principles which underlie any element of the program if he does so while performing any of the acts of loading, displaying, running, transmitting or storing the program which he is entitled to do.
And that's it, if you want to have a look at OTHER METHODS to avoid this legal hassle, have a look at my short essay Scarecrow license agreements and how to defeat them.