Why the World Needs Reverse Engineering

bl968 writes: "Zdnet has an article entitled "Why the world needs reverse engineers." The article covers among many things the Cuecat barcode scanner and some of the reason the hardware or software manufacturers dislike reverse engineering of their products. Privacy violating serial numbers anyone? Security problems and the DMCA are also touched upon."

Checks and balances

[Adam9]

Reverse engineering is one of the few things consumers can do that can check the quality, integrity, and for the most part, ethics of a company's product. It can be most compared to the government's checks and balances system, except where the real power lies wit hthe consumer in this situation. Almost seems like the exploits that are released for security holes, it might seem evil, but it's needed to keep the corporations on their toes.

Blizzard

[Goldberg's+Pants]

I seem to recall going back when Starcraft came out that someone reverse engineered it to write, I believe, a Battlenet server type program. Blizzard sent the guy a cease and desist order and said reverse engineering was illegaly, usual legal spiel. He stood up to them and said no and they threatened legal action but he stood his ground and they backed down.

A collective community dedicated to reverse engineering, say, the Cuecat would stand a much better chance of fighting the stupidity of the designers claims than if the developers stay in disparate camps. One collective force will put up more of a fight then a bunch of little camps. I think that is probably the only way that reverse engineerings laws will be changed, and even then it is going to take a LONG time.

---

Reverse engineering: bane or boon?

[Kreeblah]

The benefits of reverse engineering apply not only to the consumer world, but also to the coporate world. Consumers get detailed info on the innards of a particular piece of hardware or software, and companies scream bloody murder. What they are ignoring, however, is the opportunity to improve their products. The reverse engineering people are a perfect target market. Companies can give (or sell) initial versions of their products to reverse engineers, in the HOPES that a security flaw or bug will be uncovered. They can reduce their PR problems by fixing the major (and, hopefully, minor) bugs and security holes in their products BEFORE THEY BECOME A MAJOR ISSUE. This benefits companies in another way, as well: a decrease in their quality assurance budgets. By turning over their products to a few people to play with, they don't have to spend hundreds (or, in some cases, dozens) of man-hours testing a product for bugs. You can be sure that reverse engineers will either be pushing the product to the limit, or going over every square inch of it to try to figure out how it works. This brings me to a third point. Companies can use reverse engineers as a test market for new tech toys. Wouldn't it have been nice if Digital Convergence had decided to let people use their devices for USEFUL purposes? They could have found out any number of applications for them by simply giving them out to people who would have some idea of the implications of such devices.

I've posted it before, I'll post it again.

[AFCArchvile]

"Joe Sixpack and Vinny Bagadonuts [don't] care about [the] DMCA, freedom or anything like that. As long as the football game will be broadcast on time they're happy."

Well, it's time to MAKE them care, by making them aware of the impact that the DMCA will have on their lives. It might turn out that Joe Sixpack downloads his favorite Elvis Costello tunes from Napster because his LP's are scratched beyond recognition. And what if he wanted to get DVD soon, but didn't want to worry about the MPAA charging him a flat rate to play the movie? Then he should start caring about how the DMCA will affect his life.

One of the major reasons why I hate the DMCA is because of how it became law: a joint venture between the MPAA, RIAA, and the government. In no way was this act approved by the US citizens. The very fact that the DMCA will become law soon flies in the face of this passage of the Declaration of Independence:

We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty, and the pursuit of Happiness. That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed. That whenever any Form of Government becomes destructive of these ends, it is the Right of the People to alter or to abolish it, and to institute new Government, laying its foundation on such principles and organizing its powers in such form, as to them shall seem most likely to effect their Safety and Happiness.

From the consent of governed. Now, did we give any consent to have the DMCA passed into law? NO. Were any referendums held to study public opinion on this issue? NO.

The DMCA IS destructive of the ends established in the Declaration, and it is our right to abolish the DMCA. It is not only our right, but now it is our responsibility to eliminate the DMCA. The DMCA will affect our happiness in the future; we will become drones, being forced by the MPAA to shell out X amount of dollars to watch a pre-recorded movie for Y amount of time. Even worse, the RIAA might soon mandate that we pay for FM radio by the minute. I fear that this idea (or a similar incarnation) isn't far off.

Do I sound a little like Henry David Thoreau? Good! It's nice to know that I'm one of the only remaining Transcendentalists in the US.

I'm a Reverse Engineer

[goingware]

I also posted this in the discussion at ZDNet, although it hasn't been posted by the moderators yet as I write this.

I'm a reverse engineer. The very first contract job I did when I started my new consulting business was to reverse engineer the file format for a project management database used by the motion picture industry.

My client, Graphical Planet, wanted to make a product that would interoperate with Movie Magic Scheduling. Only the Movie Magic publishers wouldn't tell them how, and in fact were quite unfriendly towards them.

We initially agreed that I would complete the reverse engineering in a week and be paid $1500.

It actually took me three weeks, and was some of the most difficult work I have done as a programmer - while it was interesting, it was mentally painful, like cracking an enemy code. Perhaps what made it worse was that I desperately needed the money and only would get paid if I succeeded.

In the end I was able to write up a detailed file format specification document, and I also wrote a C program that would dump the contents of a MM project file into a human-readable text file. I successfully tested it by dumping out the full project file from an actual full-length motion picture.

How did I do it? I created lots of little sample files, for example, my first document I added only the letter "A" in one field, then made a second, where I changed that to the letter "B". I made hex dumps of the files and then compared the hex dumps. A lot of the work went into trying to find the best kind of files to make for my testing.

I want to point out that, until the DMCA reverse engineering was always perfectly legal in the US, and in fact state trade secret protection laws specifically grant reverse engineering an exemption from trade secret protections.

Even now, most things are still legal to reverse engineer, and I think it is likely that the DMCA will be found unconstitutional - or some applications of it will be, for example the Content Scrambling System is clearly a violation of well-established antitrust laws.

One of the reasons that reverse engineering is legally protected, I understand, is that it is not the public's objective that novel inventions be kept secret.

What the government would prefer a company do if it wants to have a monopoly over an invention is to apply for a patent, because part of the patent application is a full disclosure of the invention (sufficiently detailed that some one expert in the art could reproduce it), and then the monopoly is granted for a limited time.

Twenty years may seem like forever in high-tech, but keep in mind that the monopoly does eventually come to an end. This is why we have generic drugs, for example, and also not that the patent on RSA public key cryptography, the basis of PGP encryption and the SSL or secure socket layer, used for https secure web pages, expired in September of this year.