Obfuscated Circuitry?
ortholattice writes "The current issue of EDN has an article, Cunning circuits confound crooks, that discusses methods that attempt to foil the viewing of software in embedded designs. Interesting is its view on reverse-engineering, which the article consistently calls theft:
"As programmable logic increasingly encroaches on high-volume territory formerly dominated by ASICs, unscrupulous operators are licking their lips at the prospects of easily duplicated, or even reverse-engineered, designs."
"...The other harder but possibly even more damaging form of theft is 'reverse-engineering'...""
I remember when the original VideoCipher system for TVRO (satellite TV) came out. The codes were held in battery-backed RAM. You could not lose power or you lost the code. The guys who hacked it actually drilled tiny holes in the chips, added a drop of mercury, then used the mercury as a conductor path to connect logic analyzers. They would read the outputs from the pins and compare them to what was going on in the chip and wound up cracking the DES encryption. Cpt_Kirks
I've worked with embedded systems since the early 80's. You can obfuscate stuff all you want, but it will not stop someone that really wants to copy something from doing it. All you can do is make it a little harder for them to do. In the end if they REALLY want the information they can get it.
As for legality it all depends on what they do exactly and where.
If they grab your copyrighted 'code' and just clone it, then that is a copyright violation in many countries.
If they reverse engineer your system by examining the i/o patterns, then it might be a violation in some countries, not many at this point.
Either way if you are going to try and rely on obscurity to protect your market share, you will be in for a very rude awakening.
"Reverse Engineering" didn't create PC clones. All of the cloning companies simply created a processor that followed the same (freely published) instruction set and rough timings, so that the software still worked. The underlying hardware is irrelevant as long as the interface is the same.
One, Hemos just okayed the writeup someone else submitted to the queue. He didn't add any comments to it, except the "dept" tag and possibly the title.
Two, Hemos' job can be stated as publishing stories on the front page that will generate lots of page visits. To troll, in the fishing sense, is to put bait out that will generate lots of bites on the hook. Thus, Hemos is a troll, but that's his job.
If you don't want to be baited, don't go somewhere that constantly and loudly claims to have nothing to do with professional journalism. They intend to get people to talk, even if it's on a gut-reaction level, as that is what pays the rent.
Modern versions of Photoshop would never have been created if Adobe did not know for a fact that there were others out there attempting to produce a better product with similar capabilities. Imagine Adobe had patented the use of a computer for the retouching of photos. Why waste money on development when you have a monopoly? Fire the programmers and let the public complain about missing features all they want; anyone who produced a competing product could be sued out of existence.
It is the competition between the Adobes and Corels, the Intels and the AMDs, that has driven the fantastic pace of innovation these last 40 or so years. Allow every single invention bullet-proof protection from competition and you will see the pace of change slow to a crawl.
[tinfoil]And the worst part of this is, when the economy goes south because of this, the rich will just get richer. Sometimes I think they're driving the economy into the ground on purpose.[/tinfoil]
If you mod me down, I will become more powerful than you can possibly imagine.
No, that's defined as infringement of a copyright monopoly.
That is legally defined as theft.
No, it is not.
In the case of copyright infringement, making money off of somebody else's copyrighted work is legally defined as copyright infringement, and is explicitly (and with good reason) not equated to theft.
Making money by reverse engineering a product was never, before the DMCA, defined as copyright infringement, and most certainly not theft.
Now we have the DMCA, and the dawning of an age of vertical monopolies enforced at the end of a government gun the likes of which we haven't seen before. Why? Because the only damn way anything is going to interoperate in the future is going to be via controlled, licensed standards, which will always put competitors at a disadvantage and, probably quite quickly, lead to their demise.
The DMCA pays lip service to "interoperability," but only as a sole purpose, and as any engineer will tell you, very little if anything on this planet can ever be said to have a "sole" purpose -- applications for products are always found which surprise the original maker. As the courts have said "interoperability" as merely one of several possible applications does not suffice to fall under the "interoperability" exclusion of the DMCA, this effectively means no reverse engineering at all, even for interoperability. End of story.
Fools like you will continue to scream "theft" where no such thing exists, and the even greater fools who run our government will probably listen. And thus ends the age of exponential growth in knowledge and technology, not with a bang, but with a whimper beneath the authoritarian thumb spawned of the greed of our own corporate industry and the government which whored itself out to them, and the myopic shortsightedness of folks like you.
The Future of Human Evolution: Autonomy
And thus the real damage of the DeCSS case takes hold. Now, the act of studying things to find out how they work (reverse engineering) is redefined as "theft".
I would rather companies that are intent on keeping their technology secret make it harder (physically) to extract rather than resorting to legal tactics. I personally believe that everyone has the right to reverse engineer anything they want to, but nobody said that the company creating the product has to make it easy.
There is a drawback though. The more complex the circuitry becomes, the harder it will be to debug problems in the circuits and this will lead to longer production cycles which will give the feared competition a leg up anyways. Always a tradeoff.
-Restil
Play with my webcams and lights here
2) DirectX technologies are either patented by MS or licensed (circumventing this MIGHT be possible, reverse engineer them, find a different way to do the same exact thing)
3) The Windows task bar is patented (yeah, I know...)
4) The registry and the manner it is modified, protected, installed, etc is patented
5) Crashing to an unusable state is patented (Microsoft made sure to get that one)
You get the point.
Burn Hollywood Burn
DirecTV receivers contain a smartcard which serves as an authentication token to the receiver. The smartcard can be reprogrammed via a datastream in the satellite's signal. Once you've successfully pointed your dish, you call up DirecTV and tell them the number on your smartcard. They in turn send a signal in the satellite's datastream that activates the card.
DirecTV is currently transitioning from its second ("H") to its third ("HU") generation of smartcards. (The first ("F") generation was cracked and phased out long ago.)
Cracks exist for the H cards, but here's the catch: Nobody's ever cracked the ASIC on the H card. The best anybody's been able to do is figure out how to reprogram the firmware in the H card to harness its ASIC for their own nefarious purposes. H card emulators exist, but even they need an actual, physical H card plugged into them.
Why bother with an emulator, then? Good question. DirecTV buys and analyzes pirated H cards and devises ways to reprogram them via their satellite data stream in such a way as to disable them but leave legit users untouched. These electronic countermeasures ("ECMs") can reprogram the card into an irreparable infinite loop, whereas an emulator can just be terminated and reprogrammed once a counter-countermeasure is devised.
In the near-to-mid term, DirecTV will send HU cards to all of its subscribers, and then make the H cards cease to function. As far as I've been able to find out, no cracks at all exist yet for HU cards.
--
whuppy enjoys smelling like diesel fuel
reverse engineering deemed by the supreme court as fair use? The fact that a news organization would post an article like this calling people criminals is, well, criminal. Somebody needs to send a clear message to these news agencies telling them that we won't stand by as they push the big biz agenda.
"sex on tv is bad, you might fall off..."
I lost my concept of community when my community lost all concept of me.
Let's give this guy a call, shall we?
Let these writers know that one-sided views are not cool
Author Information
Contact Technical Editor Brian Dipert at 1-916-454-5242, fax 1-530-937-8147, e-mail bdipert@pacbell.net
"sex on tv is bad, you might fall off..."
I lost my concept of community when my community lost all concept of me.
What do you think would happen if someone created a fully-functional Windows clone? Something that looked almost exactly the same, minus the logo and the name, something that had the stability of Linux and the same UI, binary format, layout, etc, of Windows...?
This should be completely legal, but $10 says Microsoft would go after it. And that's just dumb.
Mike
"I would kill everyone in this room for a drop of sweet beer."
Some parallels have been drawn to DeCSS; reverse engineering in order to gain access to what we have a legal right to under fair use, for personal use. There's a big difference ethically and legally.
Yes, the writer of the article throws around some terms a little too freely, but I don't think it's a big deal taken in context.
My mom is not a Karma whore!
I understand I'm a bit 'popular' on slashdot.org today ;-) I'll say publicly what I've said privately to everyone who's written me so far; although I admit that I didn't explicitly state this, what I meant was reverse-engineering with intent to illegally re-use IP protected by copyright and/or patent. I even mention legal reverse engineering when I brought up Integrated Circuit Engineering....
;-)
It appears from some of the earlier-made postings I've just scanned that some of you figured this out already. I thank you for defending me. And for those who I confused with my less-than-exact wording, I apologize. Profusely. Now quit clogging my email inbox!
I'll be publishing a print clarification of this point in an upcoming issue of EDN.
Regards,
Brian Dipert
The author doesn't call reverse-engineering theft. He says that in this type of theft that he is reporting on, one of the more sinister versions of it is reverse engineering. The author is writing an article about preventing design theft. And he isn't really talking about theft in the legal sense, although he does bring it up. He talks about keeping people from snaking your work, regardless of whether you have a legal right to protect it (i.e. copyrights, patents, trade secrets, etc).
Does he flat out say that reverse-engineering is illegal? No! In addition, all of his examples involve theoretical rival companies, not an evil band of OSS zealots.
From what I read, the author's view is that reverse-engineering is a tool that can be used to commit IP theft, and here are some ways to prevent it.
Sure, you can use my identity and buy $50 million in bananas, I don't mind that, but you'll pay for them.
I am an individual, not a company. Companies and individuals have different rights. If someone creates something, other people should have the right to study it and create something like it based on their findings.
Mike
"I would kill everyone in this room for a drop of sweet beer."
About 20 years ago, a friend of my Dad's made a couple of million dollars selling specialized hardware devices to acupuncture quacks^Wdoctors. Most of these devices were dead simple electronically, and this guy approached my Dad to get some ideas on how to make the guts all fall to pieces if anybody tried to take the box apart. Mostly he did it with fake circuits and real ones epoxied to one surface of the box wired to other fake circuits or real ones on other surfaces of the box so that if you took the box apart, both the fake circuits and the real ones would have wires rip out, making it harder to see which circuits were real.
Any of you lawyer types, feel free to correct this - but from what I understand, there are no legal protections for a trade secret. However, there are legal protections for a person or company that decides to disclose a trade secret to another person or company, if they identify it as a trade secret.
In other words - if they tell you what the trade secret is, and that it is a trade secret, then they can hold you accountable if you disclose it to someone else without their permission. If you lie or commit breach of contract in order to gain the secret, then you're right - that's essentially theft; but then again, there's no reverse engineering involved there. If they never tell you what the trade secret is, and you discover it on your own, then it's game over - their secret is no longer a secret, and you have every right to make use of it.
There's a tradeoff here - if a company gets a patent on an invention, process, or what have you, then they have a legal monopoly on it for a few dozen years in return for disclosing their secret. If they don't get a patent, then they can keep their secret as long as nobody discovers it, which might be a good long time (for example, Coke) or might not last more than a few years.
"Great men are not always wise: neither do the aged understand judgement." Job 32:9
Although most slashdotters won't agree with me on this point, I'd be totally happy if I found out one of my competitors was stealing my design. Because I have a butt-load of patents protecting it, and if my competitor wants to sell his product in any major market, I'm going to sue his ass into the ground.
As for adding protection against reverse-engineering it simply commits too much cash to the design to make it worth-while.
Preventing someone from stealing your designs, is like any other type of theft, no matter what you do, a determined thief will still be able to steal it.
Besides, his prevention method only discusses a black box type look at things. What if a professional reverse engineering company like Semiconductor Insights decides to reverse engineer it? They are going to take the chip, de-cap it, and reverse engineer the circuitry right off the silicon. What exactly can you do to stop that?
Anyway, basically this guy is selling a new lock, and what you should be doing is buying theft insurance (i.e. patents).
This may sound shocking, but I don't care about the trade secrets of a company where I don't work. I never signed a non disclosure agreement with the company, so I never agreed not to disclose trade secrets.
Patents are designed to give the company a limited monopoly in exchange for them providing the rest of humanity with the information on how that device or procedure works... This is considered _good_ by most because it prevents knowledge from being lost.
However, a company has _no_ such protection for information that they don't share with humanity. Companies who wish to keep their information away from everyone employ a tactic known as trade secrets. This means that they try to keep information secret so that others can't do what they can do.
However this tactic has one serious drawback, other people can learn your secrets through looking at your products, or by simply watching your procedures... Then those other people can compete against you with your own information... We can't have that now!
If something isn't protected by a patent, it is fair game to be reverse engineered and that information used against them in a competitive market... If they feel like sharing then our society will reward them with a 17 year monopoly. Their choice...
Only the whiners go crying to court when their secrets become public knowledge... As if the court can somehow make everyone forget the truth... *laughs* No court is _that_ powerful.
-- Never make a general statement.
A couple of problems with #2
2. Unlimited reverse engineering aka "Perfect Reverse Engineering". All products may be disassembled and duplicated without hindrance of patent, trade secrecy, or any other form of intellectual property. Knowledge flow is instantaneous from creator to user.
That's exactly the way it works now. Even the disassembly and duplication of patented inventions is legal, so long as it is "for the mere purpose of philosophical experimentation, or to ascertain the verity and exactness of the specification"
Trade secrecy laws do not protect against reverse engineering. Trade secrecy laws only protect against "insider jobs" -- where the trade secret is disclosed by someone who is contractually obligated to keep it secret.
The other applicable form of IP is copyright, and it is well established that you have the right to read copyrighted works, and thus, to understand them.
Outcome: The tragedy of the commons. Companies will play "wait-n-see" to see who comes up with difficult to engineer solutions to problems. If they are making a profit, they will not bother to spend money on R&D.
This is not what "tragedy of the commons" means. Tragedy of the commons only applies to depletable resources, like a silo full of corn. If everyone takes corn out of the silo, and no one refills it (or pays money which is then used to refill it), the silo will quickly empty out, and no one will have corn. IP is not a depletable resource, and the "tragedy of the commons" does not apply.
Copyrights and patents create incentives to publish, which is good, but also turn unlimited resources into limited, scarce resources at the same time, which is bad.
Here's hoping that we can remain civil, and arrive at solutions that provide a fair balance for each individual case.
Good patent and copyright laws maximize the amount of disclosure of inventions and publication of works, while at the same time minimize the tremendous accumulation of power that can result from granting a corporate monopoly over an unlimited resource. The fact that our media corporations, which are basically holding companies for copyrights on nearly all of the intellectual work of the 20th century, are quickly becoming the most powerful entities on the planet -- more powerful than even national governments, is a sign that the system is not fairly balanced.
The bits that you can read from an FPGA, or EPROM constitute "the code" and as we all know, code is copyrightable whether it be source, object, or machine code.
If you want to analyze the signals generated by a device in order to build something compatible, or to build a "workalike" that is what "we" at /. consider to be reverse engineering. If you want to copy the internals of a device in order to sell a "clone" that is theft. There has been much discussion in the courts over "clean room" implementations of workalikes, just ask intel and AMD. Their court cases clarified what you can and cannot copy and resell, and what you must build yourself from scratch (without looking inside) long ago.
if I open up the hood of my car and figure out how it works and build another car, there is no legal recourse against me unless something in there is patented
This is correct unless something is copyrighted or trademarked. For instance, you can't make a perfect copy of a Cadillac, including the trademarked name and hood ornament and then turn around, call it a Cadillac and sell it as such. Nor can you copy the owner's manual and sell it. It is after all, a book. OTOH, you can look at a car, see how it rolls, its doors open and so on, then build something with 4 wheels, engine, seats, and so forth and call it a car, and sell them all day long.
Just as with a CD which contains copyrighted bit patterns that are essential for its proper operation, you can make a personal copy or replica for your own use, so long as that "use" does not include selling or giving the copy to someone else.
Taking something apart in order to find out how to connect to it is what the /. folks would generally regard as rev-eng. That's not what this article is about.
Good judgement comes from experience, and experience comes from bad judgement.
- W. Wriston, former Citibank CEO
If the circuit is copyrighted, then duplicating it and using it for your own use is infringement and illegal.
...
If the circuit uses patented elements, then using those same elements in your circuit is infringement and illegal.
If the circuit is only under trade-secret protections.. Well, if your secret ever gets discovered, you can do nothing to prevent widespread disclosure or use of it. (I assume that it isn't being disclosed in violation of a NDA contract.) If I found the secret recipe of coca cola in my cupboard tonight, I can start bottling my own drink. I can't call it coca-cola (trademark infringement), but I can bottle and sell it.
So, the question is: Is an FPGA circuit copyrighted or a trade secret? IANAL, but I would think that it would be trade secret. The company doesn't disclose the circuit to you, so why shouldn't it be uncopyrighted. If they disclosed it under copyright or patents, then they have a way to prevent you from copying it, or using ideas in it.
But, for anyone in the industry to think that you can send out millions of copies of a circuit, with no more than trade-secret protections, and think it's illegal for anyone to reverse-engineer and use it, then they're an idiot.
IMHO, this is just a risk of the business of FPGA circuits. If you make airplanes, expect to be sued by lawyers. If you sell tobacco, expect everyone to hate you. If you think that something has just as many rights under trade-secret protections as under copyright or patent protections, you're deluded.
Copyrights and patents exact a cost for their additional protections: Disclosure of the device or artistic work. You can either accept or reject the deal they offer.
... But in this case, it seems as if they (like UCITA/DMCA) wish to use law to rewrite the rules
Circuitry is the word.
Fill in cute tag line here...
If anyone wants the specifications and RAR files, I have successfully reverse engineered a turkey bagel. I plan to create my own turkey bagels, and market them under a different label. Would this be considered fair use? or THEFT! you decide.
Dirty Pirate Hooker
The BIOS was copyrighted by IBM. No-one could make a clone without an equivalently functional BIOS, and IBM would have sued anyone who simply copied it. Hence the need to spec the BIOS as a black box, and reimplement it in a clean room.
Remember, this is DOS 1.0 we're talking about. Unlike a real OS, it does not abstract the hardware. You are right about only having to recreate the interface, but the interface is the hardware.
--
E_NOSIG
Why don't we see this in IP of other domains? Let's say an economist has come up with a new "innovative" theory, and that theory becomes his IP. Then a junior economist comes out, dissects the theory into pieces, runs it through scenario simulation, plugs in all kinds of data to see how it works, and finally figures that if he changes a few premises in that theory, it would become a better theory.
Now, is the junior economist going to be sued for reverse-engineering?
How about those who are studying Sartre's existentialism? I'm sure the copyright on existentialism has not expired yet.
But reverse engineering by "black box" testing has been ruled as legal by the Supreme Court. It is perfectly legal to create a device that will create the same output for the same input. It would however be a copyright infringement to copy the circuit designs or code that goes with the device.
The mistake is in equating reverse engineering with doing a straight copy of the design.
Post anonymously - For when your opinion embarrasses even you!
On another project we built such a cheap graphics accelerator we didn't want our competition to realize how easy it was - so we had all the off-the-shelf PALs and SRAMs screen-printed with our own part numbers to hide the design.
Also back before Congress passed the law to make masks copyrightable people would regularly put in design features into chips that were designed to not be easily copied optically - for example a poly that was just a little bit narrow so that it became very unreliable if you cloned the chip without carefully hunting down in the masks and touching it up (that could make a chip work - but not reliably enough to make a sellable product - and could be really hard to find if all you have is masks and no idea of how the die's internals are supposed to work).
Incorrect. Reverse-engineering is, and always has been, a legitimate form of study and exploration.
The R&D investment by the high-tech industry is easily dwarfed by that of the automobile industry. Yet the auto industry has little problem with people opening the hoods of their cars and mucking around. Yes, it voids the warranty, but Detroit does not labor under the illusion that such exploration by their customers is "theft".
Trade secrets are a really dubious form of intellectual "property". The onus of proof is on the party claiming trade secret protection. Without going into nauseating details, trade secret protection can vanish once the secret is independently discovered by lawful means. In nearly all cases, reverse-engineering falls within lawful means, especially when taking apart systems available on the open market.
With reference to "black box" systems, it is especially those systems that need to be taken apart and inspected, or else how will you know they are good products? How will you know, for example, that they aren't selling your privacy down the river (CueCat, anyone?)?
"Disclosure" is a very different thing from "independent discovery," the latter being what we're talking about here.
BTW, if your company is relying on secrecy for its market advantage ("security by obscurity") rather than its ability to execute and deliver excellent products, you're ultimately hosed no matter what.
Schwab
Editor, A1-AAA AmeriCaptions
A patent affords the ultimate protection, I agree, but how on EARTH can you possibly argue that people don't have the right to make reverse-engineering difficult?
Nothing stopping them doing that, except that doing so is likely to push up the manufacturing cost of the product. So when someone does produce a competing product they will be better able to undercut the original.
He is saying that _a thief_ can use reverse engineering to steal a competitor's design.
Just about every tool and technique known to man can be used for illegal activities.
Which law applies to an FPGA design? Copyright law, is it an artistic work? Or is it an invention? (Patent law)
If it is an artistic work, then copyright would automatically apply.. But I could create a similar device and be free&clear.
If it is an invention, then they can either patent it or not. If it is unpatented, then I can use it IN ANY WAY as soon as I determine how it works. Their only protections are trade-secret protections. (Obfuscation)
It's strange to me that ANYTHING one does that someone else doesn't like is being called theft. Everything from an open DVD player, to MP3's, to Napster, to CueCat, to RIAA.
It's beginning to piss me off.
Scott
(FYI: Fair use rights apply to anything, individual or corporate.. A newspaper has the right to excerpt another publication for discussion or debate.)
"Quite frankly if someone can reverse engineer it, odds are it was so damn obvious, it didn't deserve protection in the first place."
... but say I don't want to bother looking it up; all I do is take the Programmable Chips (PGA, FPGA, CPLD) and copy them exactly to my own $1.00 chips. In the end, I remove all components and copy the circuit board.
I think 'reverse-engineering' in the sense of this article relates to copying and distributing technology in its exact form.
Take a look at DVD players for example (There are many examples though). DVD players are non-programmable devices. They serve no purpose to the consumer other than to take a dvd and throw it straight to a television unencrypted.
When people go to purchase a DVD player, the only thing they really want is something that's affordable and good quality, and lasts for a long time.
Well, if I was Fishbulb Heavy Industries in Sako Japan, and US patent and copyright law didn't quite hold up where I'm living, I could very easily take a nice, popular DVD player and pull it apart.
Inside, I would find a slew of resistors. I could decide their value with a $5.00 ohm meter if they weren't labelled. In fact I could decipher and note the value of all components within the player instantaneously using a multi-meter or just my eyes.
When it comes down to the encryption itself - well that's a hard deal to decipher. Sure it's been done and suppressed
There ya go, I now have a cheap fabricating operation to start-up which will yield millions of dollars; because I sell my DVD players for $50 less, and had to invest 0 dollars in R&D.
This entire scenario applies to graphics cards, sound cards, 3Com hardware, Cisco hardware... it applies to everything. It's only reverse engineering because copying the chips requires pulling them open.
to recap: "If figuring out how something works is a crime, then curiosity should be outlawed." - I agree 100%, and I even agree that bad technology shouldn't generate money, it should be open-source. If however, I designed some awesome new doohickey, as I'm sure to do in the future, I don't want it to be stolen by some know-nothing capitalist and sold as "as good as the competition only cheaper".
Curiosity and Cash don't often hold the same moral arguments.
Ace
As for reverse engineering being theft: it is. You have to consider that the products they ship are intended to be "black boxes" and may contain trade secrets, which are legally protected. Do you want your company's trade secrets disclosed? Not really. That's why reverse engineering is not a good thing.
Clean room reverse engineering is not theft. If you can duplicate the function of a black box without knowing how it works, then you haven't stolen any trade secrets.
Clean-room reverse engineering must continue to be legally protected. The whole idea behind the clean-room process is that you have one group analyze the original, to create a specification which describes what it does, without describing how it works.
This specification is then given to a second team, which has no knowledge about the design of the original, and is therefore clean. The second team then designs their device to meet these specs --thereby duplicating the function of the original without stealing any trade secrets.
This is the process which led to the first PC clone. You're not suggesting that Compaq or Phoenix stole IBM's trade secrets...are you?
Also, wrt trade secrets: keep in mind the reason patents are protected and trade secrets are not. Trade secrets do not benefit society the way that patents do, and thus society provides no incentive for their creation. Reverse engineering is an important mechanism in encouraging people to patent -- and thus disclose to society, and offer (eventually) to the public domain -- their inventions. If reverse-engineering becomes theft, essentially society is granting monopoly rights but getting nothing in return. This is a bad deal, one that society should not put up with.
Bottom line: if you don't want your discovery copied, patent it. Otherwise, it's still free for the taking, as it should be. Monopoly over your invention is a trade with society, for your putting that invention in the public domain. It's not a right -- you don't get it for nothing.
Otherwise, yes, interoperability is one of the main (only?) reasons that reverse engineering is considered a fair use.
--
The opportunity to slashdot a phone number!
I just tried it, it's busy. Easy way to avoid a slashdotted number is to take the phone off the hook. And the author can only take one call at a time, as opposed to thousands of simultaneous connections against a website.
I'm not sure why xtermz thinks this is a one sided article. I've read it, and it seems to be pretty even-handed. There is a problem in the ASIC/FPGA world, with well funded criminals quickly reverse engineering electronic items, and then flooding the market with cheap copies. It hurts the company that spends a lot of R&D money to be ripped off easily, so a number of ASIC and controller manufacturers are adding clever circuitry to prevent easy hardware copying.
Hardware reverse engineering was getting easier and easier over the last few decades. It's about time it got interesting (in a difficult crossword puzzle kind of way) again.
the AC
Hemos is like...sci-fi fans; he thinks technology is cool, but he hasn't bothered to understand the science it's based on
Sorry, no. General Motors has a whole building in Warren, Michigan devoted to taking apart cars from other companies. They look at methods used, quality of construction, and new ways of thinking about car design. Even though they can't copy patented mechanisms, they learn a whole lot about how they can make their product better.
OK... here's an odd question that popped into my head:
The DMCA explicitly allows for reverse engineering for compatibility purposes. What if I am interested in reverse engineering a circuit design, piece of code, etc. not for compatibility purposes, but in order to determine if the designer/implementor is infringing on a patent that I or my company holds?
Now, according to the DMCA, I'm a criminal - I've engaged in reverse engineering for other purposes than compatibility. No matter that I may have proof, via the reverse engineering, that someone was infringing on a patent; according to the DMCA, I committed a crime in order to obtain that information.
Am I missing something here? Or does the DMCA - which its advocates touted as being essential to protecting intellectual property in today's digital world - allow someone to essentially ignore patents under the right circumstances?
"Great men are not always wise: neither do the aged understand judgement." Job 32:9
This is totally different from simply stealing a design. This second type of reverse engineering is obviously what the article is about.
Duplicating an unpatented design is not theft.
That's the whole point of a patent -- in exchange for disclosing your design, you gain government protection. Without a patent, you have no legal protection for your design, and your design enters the public domain the instant someone examines it and realizes how it works.
Just because the author wants reverse engineering to == theft doesn't make it so.
How do you think Polaroid found out that Kodak had ripped off their patents on instant cameras more than a decade ago? Their engineers bought one and cracked it open. Polaroid sued and the judge ordered Kodak to pay restitution and try to recall EVERY Kodak instant camera sold. They are now pretty rare collectables.
For example look for small alleys in city maps that don't really exist - there's a technical term for these that I forget ....
:)
What happens when people use these as addresses to poison junk mail databases?
- A patent
- A copyright
- A trademark
That's it. IANAL, but I believe there are some provisions against stealing intellectual property, where "stealing" means breaking into an office and physically taking/copying trade secret material. That is a crime because the "trade secret" was obtained through a criminal act. However, in this country, there is no such law outlawing reverse engineering, not even the DMCA. The DMCA forbids the circumvention of copyright protection other than for interoperability, so whether that circumvention was obtained through reverse engineering or not is irrelevant (which makes me wonder if I could publish my weak protection scheme and still claim that the DMCA applies, but that's another story...).
In fact, if it were legal to reverse engineer, every single "invention" would be illegal. Let's see... birds can fly... I want to build a flying machine... ILLEGAL. Fire good, fire warm, me want fire, me bang rocks... ILLEGAL. I want to cure a disease... unfortunately I cannot analyze the disease because that would be... ILLEGAL.
So, unless you have it patented, consider it public domain once you release a product. Horrors, you may actually have to compete in a free market! Oh dear God, no!
In the perfect world, vague overgeneralized IP laws would apply to everyone except me, and then I would be your god.
A choice of masters is not freedom
As for reverse engineering being theft: it is. You have to consider that the products they ship are intended to be "black boxes" and may contain trade secrets, which are legally protected.
The only legal protection of trade secrets is protection against their being revealed by "insiders." Trade secrets may be legitimately revealed by reverse engineering, and then they cease to be trade secrets -- they are in the public domain, with no protection.
This is good.
Do you want your company's trade secrets disclosed?
If you want the government to provide you with a monopoly on your invention, you need to file for a patent, and completely disclose your invention. It's your choice. Choosing the trade secret route carries benefits and drawbacks. The benefit is that you don't have to disclose. The drawback is that you are subject to reverse engineering.
Reverse engineering can be defined on so many levels it isn't right to just broadly categorize it as theft!
When we figure out how quantum mechanics work, we are essentially reverse engineering it (from God, the universe, whatever).
There is no judgement on that practice, only on the applications derived from the knowledge gained!
In a similar way, reverse engineering a product can be said to be similar. Intel produces a high commodity, high volume, very popular part.
Is it fair for AMD to produce a plug in replacement part to try to make a profit?
Yes. There's nothing illegal about that, it's just commercialism/capitalism.
Now, as for the gritty details of reverse engineering... As long as you don't take the work that someone else has done, there's no way to qualify that as theft. You haven't taken their research, you haven't taken their documents, you haven't taken their personnel. All you have done is taken their product, which you own if you purchase it, and analyzed it, which is fair use if anything is, and watched it work, which is no more or less wrong than trying to find another particle in the quantum menagerie.
Trade secrets are not legally protected. Patents are. Do we want company trade secrets disclosed? Of course not! But they are only trade secrets while they are unknown, and the minute they are known, they are not trade secrets.
Reverse engineering has given us the PC! It has given us PSX emulators, Gameboy emulators, Linux SAMBA (I think), DeCSS, and loads of other things. In a competitive landscape, reverse engineering seems downright commendable!
The nick is a joke! Really!
GPL Deconstructed
This whole story should be modded down as "Troll". Quit stirring up trouble with inflammatory headlines and out of context quotes. Hemos, you and several other /. "editors" need to go and read the Linux-PR HOWTO again. Behave yourselves as decent and responsible members of the community or you will find yourselves with the level of community respect that is currently reserved for your very own /. trolls.
What this guy is talking about, translated to /. speak, is copyright violation, and that is theft. It is not what we call reverse-engineering.
Good judgement comes from experience, and experience comes from bad judgement.
- W. Wriston, former Citibank CEO
That's what this piece read like. I'm sending this an angry email telling him that I resent his calling me a thief for having done my job while legally employed by firms conducting legitimate business.
[expletive deleted] [expletive deleted]
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
- Accolade used a two-step process to render its video games compatible with the Genesis console. First, it "reverse engineered" Sega's video game programs in order to discover the requirements for compatibility with the Genesis console. As part of the reverse engineering process, Accolade transformed the machine-readable object code contained in commercially available copies of Sega's game cartridges into human-readable source code using a process called "disassembly" or "decompilation".[1] Accolade purchased a Genesis console and three Sega game cartridges, wired a decompiler into the console circuitry, and generated printouts of the resulting source code. Accolade engineers studied and annotated the printouts in order to identify areas of commonality among the three game programs. They then loaded the disassembled code back into a computer, and experimented to discover the interface specifications for the Genesis console by modifying the programs and studying the results. At the end of the reverse engineering process, Accolade created a development manual that incorporated the information it had discovered about the requirements for a Genesis-compatible game. According to the Accolade employees who created the manual, the manual contained only functional descriptions of the interface requirements and did not include any of Sega's code.
This was eventually found to be legal. I believe one of the reasons for clean room reverse engineering is stated in the last line there, to make sure none of Sega's IP (their copyrighted code) gets copied into the new code. Copyright only covers implementation, so clean room reverse engineering translates Sega's implementation into conceptual stuff that copyright can't cover and then into Accolade's implementation, without skipping the concept part.
--
They were sued. They won. The WinTel PC industry was born. This doesn't even take into account the amount of software "look and feel" cloning that took place some 8-9 years later.
If figuring out how something works is a crime, then curiosity should be outlawed. Quite frankly if someone can reverse engineer it, odds are it was so damn obvious, it didn't deserve protection in the first place.
Burn Hollywood Burn
Yes.
At first I thought they were just errors. But then I learned that these 'mistakes' were intentional. I don't recall if I read about it or saw it on TV, but someone from a map publisher was interviewed about it and confirmed the practise.
As for the examples, here are a couple I think are instances of this, but they could be errors.
I've seen maps of NJ that show a town called "Hiltons" between Atlantic Highlands and Highlands. I grew up in Atlantic Highlands. There is no such town.
When I first moved to Burlington county NJ I picked up some maps so that I could find my way around. Twice I got messed up because short (>= 1/2 mile) roads marked on the map didn't exist.
Finally, on a map I own (I live in NJ but I'm in CA on business now or I'd dig out the map and give an exact reference) the condo complex I live in is not shown and a road that does not exist is shown instead.
Steve M
I remember such an article. Perhaps the ever resourceful Markus Kuhn can be of service.
http://www.cl.cam.ac.uk/Research/Security/tamper/
You describe one method of reverse engineering, but not the only method.
Reverse engineering can also involve dumping out the program, disassembling and commenting the code.
That would be the first step of a "clean-room" project. The result of the first step would be a copy of the original program, which, as you correctly pointed out, you can't use, because of copyrights on the code. You can't stop there.
The second step of the clean-room process is for the person who now understands the program to write a complete description of what the program does. Copyright only protects implementations of ideas, not the ideas themselves, so you describe the ideas of the program without revealing the details of the implementation.
The third step of the clean-room process is to hand the complete description of what the program does to a second party who has never been "contaminated" by examining the original implementation. The second party is then free to write a new implementation, based on the description.
This is how the first PC clone BIOS was developed.
The first step in this completely legal, commonly used process is to copy the actual program. It is not theft.
What the article is describing is not just how to prevent someone from copying the data, it is describing how to prevent someone from reading the data; in order to prevent legitimate reverse engineering and legal clean-room re-implementations.
The author is describing how to obtain protections over and above what the law provides, not how to obtain legal protection. Legal protection comes from patents and copyrights. Trade-secret protection comes from obscurity and obscurity alone, not from the government.
1. Reverse engineering absolutely never occurs aka "Perfectly Secret Engineering". Even when a design feature is obvious (such as a winglet on a plane) other companies cannot copy it. They must arrive at the same conclusions as the first company through trial and error. Knowledge never passes into the public domain unless someone explicitly places it there.
Outcome: Technology stagnates due to duplication of effort. There is a lack of incentive to innovate because once a product is sufficiently complex as to be difficult to duplicate, the company that originated the idea will have a long time before anybody can duplicate it. Companies will drown in a sea of paperwork required to prove that they arrived at the same design independently.
2. Unlimited reverse engineering aka "Perfect Reverse Engineering". All products may be disassembled and duplicated without hindrance of patent, trade secrecy, or any other form of intellectual property. Knowledge flow is instantaneous from creator to user.
Outcome: The tragedy of the commons. Companies will play "wait-n-see" to see who comes up with difficult to engineer solutions to problems. If they are making a profit, they will not bother to spend money on R&D. The outlay can't be justified for the low expected return. Companies will only innovate when the entire business segment is threatened. Because all companies share IP in this scenario, the entire sector would have to be threatened before it would decide to innovate. If even one company were making a profit, then the failing companies would blame their marketing or management departments. Actually, marketing and management techniques are also IP, and would be shared too. Effectively, such a situation would be akin to a monopoly, since all companies would have the same IP, and would be different companies in name only.
It shouldn't be a surprise that both of these scenarios suck. An equilibrium is required. Politics is the art of compromise. Geeks need to recognize that compromise is a necessary part of the equation. That means Free Software people tolerating some patents, trademarks, and copyrights. That means businesses tolerating some hacking, reverse engineering, and parodies.
Does this provide an easy answer to the questions? Of course not. There is no easy answer. The opposing parties and the mediator(s) are all part of a complex solution. Here's hoping that we can remain civil, and arrive at solutions that provide a fair balance for each individual case.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
...but had the company that created the ASIC/FPGA/"other 4-letter acronym device" encrypted the configuration bit stream (which is decrypted on the ASIC) - even if it was simple ROT-13 - you would be in violation of the DMCA provisions regarding encrypted streams, etc...
This world is rapidly becoming a fucked place, and I fear a revolution is brewing...
I support the EFF - do you?
Reason is the Path to God - Anon
The story is right, but you have the wrong computer.
Apple's ROMs had entrypoints that were all over the ROMs' address range, because they didn't want to dedicate any area as a jump table. Franklin copied the ROM verbatim, as rewriting it would screw up the entrypoints. Apple sued Franklin, and WON.
IBM made the BIOS (with function numbers instead of haphazard entry vectors) specifically so that it could be re-written, extended, improved over time. They PUBLISHED the source code to the whole BIOS, and knew that this put them in the risk of being cloned. COMPAQ rewrote the BIOS, function by function, complying with the data interfaces only. IBM sued COMPAQ, and LOST.
As an intellectual property attorney, I am appalled by the stance taken by the author of that article. Below please find the letter I just e-mailed him to briefly correct his misperceptions:
In reference to your article, "Cunning Circuits Confound Crooks," found at: http://www.ednmag.com/ednmag/reg/2000/10122000/21df2.htm , I find it particularly disturbing that you refer to reverse engineering as "theft." In particular, the following text gives me tremendous pause:
"The other harder but possibly even more damaging form of theft is "reverse-engineering." In that scenario, someone uses the information stored in the programmable-logic device to reconstruct the original circuit details and then alters and incorporates those details in part or whole into other designs." Your analysis is woefully misguided.
Intellectual property protections in the United States exist for copyright, trademark, patent and trade secret information, and each of these areas includes its own particular set of limitations. These limitations are present for very good reasons, ranging from free speech to the encouragement of innovation. For any truly new, useful and unobvious circuit, patent protection can be obtained -- protection that gives the inventor the exclusive right to manufacture, use and sell the patented invention for a limited time. However, that protection comes at a price: the inventor must disclose to the world precisely how to make and use the invention, so that others may build upon it and so that further innovation may be encouraged.
Similarly, trade secret protection also has limitations. Trade secrets are protected only while they are precisely that: secret. Since trade secret protection (a) gives unlimited time-duration protection, and (b) fails to educate the rest of the world and thereby foster further innovation, it is extremely limited. Once a given technology is no longer secret, it may be used by anyone freely.
If a circuit designer decides to forego the greater protections afforded by patent, he or she cannot complain about reverse engineering under the law. So long as someone is not directly infringing a copyright (or mask work) by literally copying a chip design, they are free to use the underlying ideas to improve their own devices.
Reverse engineering is not theft, either legally or ethically, and I suggest that you consider my comments in your journalistic pursuits.
Joffrey X. XXXXXXXX
xxxxx & xxxxx, LLP
No, really! I'm one of the *good* lawyers!
Actually they used a clean room implementation, looking at the bios as a black box and reproducing its functions. This could be reverse engineering, but they never looked into the bios to see the code.
The people doing the coding had to start with little to no prior knowledge of the existing BIOS.
It depends on what the ulterior motive is. The issue is if you are studying things to find out how they work with the intention to create a compatible item to undersell your competitor. Now, obviously, I don't think this is wrong because Competition Is Good (tm). Again, we go back to the reverse engineering of the IBM PC BIOS. There was no harm there. It's capitalism at its best.
Maybe it sucks for the company that created the idea/product because they now don't have a monopoly (which, the last time I checked, was a good thing), but it sure as hell isn't theft. Any claims like that are ridiculous.
Mike
"I would kill everyone in this room for a drop of sweet beer."