| Robert Lou |
|
This is a slight OT, but at first I thought someone actually made an FPS based on the Bolshevik rebellion. You had no idea how excited I was for a moment, and how let down I was after googling it and getting the gamasutra article as my first hit :P
|
|
|
| Mike Lopez |
|
Hmmm. Good to know I guess. Call me a cynic but wouldn't the author's clients be all the big Publishers who own content and would therefore have a vested interest in dissuading (scaring) the public away from reverse engineering any of their works? I have no interest in reverse engineering, nor do I have the know-how to do so but I do wonder if all the motives here are not also serving double duty for those big fish publisher clients.
The irony of an article about the legality of reverse-engineering software is that more than one of the big game publishers of today were openly reverse engineering many of the early consoles (Genesis, SNES, PSOne, etc.) during the early and mid 90s as a matter of business in order to gain an early competitive edge, and also so they did not have to rely on notoriously weak development libraries at the time of launch or to compete for a limited amount of grossly over-priced dev systems. Now those publishers are the most vocal in crying foul when individuals do the same. I have no problem with enforcing against outright piracy but going after the Mallory's of the world seems pointless though I am sure it happens all too frequently. |
|
|
| Mona Ibrahim |
|
|
No, I do not represent any big publishers. On the contrary most of my game-industry work is education-oriented, and the clients I have in this sector are all small indie developers.
I don't know if what you're referring to is necessarily ironic. As I said, reverse engineering isn't inherently illegal; it's just not something you should pursue with your eyes shut to potential legal pitfalls. Several cases have dismissed reverse engineering charges (particularly in the console department) on the grounds that it is, in many cases, both legal and advantageous to public policy. |
|
|
| Chris Remo |
|
Mike,
Not to put words in Mona's mouth, but this article doesn't espouse any moral judgments, only legal analysis. There's nothing ironic about what you describe. Regardless of whether the actions taken by such publishers were justifiable, there are legal considerations to consider in this area, and this article outlines many of them. |
|
|
| Tim Carter |
|
|
Mike, if you strike down IP rights because you don't like big publishers, you will strike down those rights for all of us.
|
|
|
| Dan Rosenthal |
|
Hi Mona,
Great to see another article from you. One additional side note that I think might be relevant in your article: in addition to the provisions of section 1201 of the DMCA, it's potentially possible to run afoul of section 1202, which safeguards the integrity of copyright management information. For instance, lets say someone was reverse engineering a game, and some portion of the code was affixed with CMI (and by this, I mean in commented into the code). If that is modified or deleted in the reverse-engineering process it creates a situation where a violation of 1202(b) is possible, especially with the reduced scienter requirements (i.e. reasonable grounds to know that it would facilitate or enable an act of infringement). It's especially relevant given the broad definition of CMI outlined in 1202(c): CMI can include simply the name of and identifying information of the work's author. I just envision a situation where some aspiring reverse-engineer is pulling apart lines of code, and chops out the //commented lines identifying that particular bit of code's author and such (personal or corporate), and then when he gets hit with the the copyright infringement claim under the Copyright Act, and the 1201 claim under the DMCA, they also are able to slap on a 1202(b) claim because actions removed or modified CMI and he had reasonable grounds to know that doing so would facilitate the act of infringement. Since 1202 claims are significantly more valuable in terms of statutory damages than 1201 claims, especially when you're looking at multiple violations or facing the treble damages clause, that could be a really bad situation. |
|
|
| Aesir Rising |
|
|
@Dan Rosenthal re: "..pulling apart lines of code, and chops out the // commented lines..."
Code comments exist in source code files. If you have source code, you're not reverse engineering anything. Unless I'm misunderstanding the scenario you envision. |
|
|
| Mike Lopez |
|
|
I stand corrected. My apologies.
|
|
|
| Ron Newcomb |
|
Even in academia, Computer Science grad students, when they pick their specialization, are frequently steered away from studying reverse engineering. It's partly the universities' worry about liability should the student actually, you know, find magical ways of decompiling Microsoft Windows or whatnot, and partly that the job openings for such a specialty are rare. Many academic disciplines in the science & engineering side of things have their taboo specialties and black arts; decompilation is Computer Science's.
|
|
|
| Roberto Alfonso |
|
|
Interesting article, and comments from Dan. I believe it is also legal to reverse engineer if the application holds a complete monopoly of the market and the company barred third parties from utilising its services. Don't take my word for it, but the few times I have been involved in reverse engineering our bosses told us it was perfectly legal because the application held a monopoly on its own and federal laws prevented them from that.
Unless our bosses lied ^_^; |
|
|
| Dan Rosenthal |
|
|
@Aesir Rising: The two aren't incompatible; for instance if one was able to gain access to a portion of the source code, but was forced to reverse-engineer the best. Or, (and here's where my coding knowledge fails as I'm a writer, not coder) aren't there decompilers out there that will literally revert a compiled, packaged game into its relevant source code files? Mona alludes to this in her article:
"Tools used to reverse engineer a game include debuggers, disassemblers, and network protocol analyzers (packet sniffers). The essential function of these tools is to give the programmer access to data revealing the precise functions and mechanics of a program so those functions and mechanics can be reproduced [...]" Mona's comment also seems to allude to this qualifying as reverse-engineering. "[...]with minimal or no use of the original source or binary code." i.e. minimal is a non-zero value for use of the code. I wouldn't want to speak for her as to whether she'd agree with my assessment, but I think it stands to reason that a plausible argument can be made. And of course the 1202 removal/modification of CMI claim can stand so long as it was enabling or facilitating the act of infringement; it does not have to happen at the same time. There is a lot of room for creative arguing by plaintiff's attorneys here to paint a reverse-engineer in a negative light, as Mona points out with the large number of potential causes of action they can play with. |
|
|
| Wyatt Epp |
|
Dan,
It's a bit more complicated than that, actually. The first thing to know is that comments in code are so-called because they are ignored by the compiler; they're not part of the binary. This is why one can put a line or block of code in comments and it won't end up in the compiled binary. This doesn't preclude files that are interpreted from bare ASCII, but from what I've seen, that's rather rare in a shipping product. Second, disassembly doesn't return things to the state of the original source; this is actually nigh-impossible, even with substantial human input (assuming a release build. Why would your users have a debug build anyway?). It puts it in an intermediate (processor-specific) state that's just one step removed from machine code, where much of what you see is direct manipulation of individual numbers and addresses. For a more striking comparison, consider the following: C Code: int main() { write(1,"Hello World!n", 13); return 0; } objdump Disassembly: push %rbp mov %rsp,%rbp mov $0xd,%edx mov $0x400624,%esi mov $0x1,%edi mov $0x0,%eax callq 400440 mov $0x0,%eax leaveq retq Quite the difference, eh? And that's about as simple as a program can get; even a tiny game is several orders of magnitude more complex. You may note the presence of the write call in the assembly, but it's rather common for commercial developers to take steps to obfuscate the names of program symbols, so it can be extremely difficult to make heads or tails of these things. And there you have it: a brief and incomplete intro to that gray area down near the metal! Hope this is understandable. |
|
|
| Dan Rosenthal |
|
|
It is, thanks. Still, I think the risk exists potentially somewhere in any of the thousands of files in a game that could potentially contain CMI that could get stripped in the reverse-engineering/re-compiling process. Perhaps a slim one, from the way you describe it to me, but one with potentially sizable consequences.
|
|
|
| Jonathan Arsenault |
|
|
First off the DMCA only apply to the USA the rest of the planet are pointing and laughing... Even if you are American and the DMCA apply to you you can go and disassemble/analyze the application to your wish, but you cannot legally use the information gathered so, another party can then use the information you gathered and create anything they wish with it as they are not the party who performed the reverse-engineering operation, quite easy to see in this case that even American company can subcontract disassembly job oversea, although in this case they still need to uphold American law they can use the information to the hearth wishes. I am not a lawyer, but have been involved with a number of company working in the OSS field and this is how most of them rolls, and this is how Samba's contributor were briefed by Novell lawyer army.
@Wyatt Epp: Company shipping Debug build is something that sound retarded indeed, but that i have seen many and many time before been done, beta's product most of the time. Objdump is pretty basic, way better disassembler exist out there, IDA Pro Advanced for a first. for example i would dissemble this: #include int main() { std::cout << "Hello World!" << std::endl; return 1; } To this: ; int __cdecl main(int argc, const char **argv, const char *envp) _main proc near mov eax, ds:?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z ; std::endl(std::basic_ostream &) mov ecx, ds:?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A ; std::basic_ostream std::cout push eax push ecx call sub_401160 add esp, 4 mov ecx, eax call ds:??6?$basic_ostream@DU? $char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z ; std::basic_ostream::operator<< (std::basic_ostream & (*)(std::basic_ostream &)) mov eax, 1 retn _main endp (Plus hundred more page of std functions, data segment, etc, etc, starting at subroutine at virtual address 401160.. see http://img196.yfrog.com/i/idap.png/) |
|
|
| Dan Rosenthal |
|
|
Jonathan: don't be so quick to laugh at the DMCA. Any company that wants to do business in America can't argue with it, and as I understand most of the rest of the (industrialized) world is looking at adopting its provisions under the ACTA treaty, that's not counting the ones that already exist under WIPO, WCO, as well as your many national laws, possibly even your own. Taking a cavalier attitude towards reverse-engineering is simply inviting trouble. Laugh at us Americans all you want, but by next year you'll also be laughing at the EU/EC, Japan, Korea, Australia, Canada, and a half dozen other countries. Where would you distribute your newly reverse-engineered game then?
|
|
|
| Jonathan Arsenault |
|
|
@Dan Rosenthal
Sure just saying that using a proxy in this case allow one to avoid many common pit fall and circumvent such law. I could distribute it just about anywhere given the fact that group A disassembled application A, make detailed rapport of wanted function/feature, transmit information to Group B who make product B from said information, for all i care Group A could be from Russia, China or some crooked businessman mind... well yeah am a bit raw, sorry, my employers usually forbid me to enter in contact with the external world or clients ;) |
|
|
| Wyatt Epp |
|
|
OT @Jonathan,
Yes, it does lack frills, but it's completely sufficient for this exercise. The goal was to quickly teach a professed non-programmer the difference between normal code and assembly, and he says the goal was accomplished. This is also why I went with pure C and the write() syscall rather than something more "friendly". (C++ is not my friend, and I will not be letting it see my privates. ;) ) |
|
|
More: Console/PC, Exclusive