www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christofer Dutz <christofer.d...@codecentric.de>
Subject Re: Reverse engineering ... allowed or forbidden?
Date Sat, 02 Feb 2019 01:34:49 GMT
Hi Alex,

Well I guess my point is, that companies write stuff in their License agreements or Terms
Of Use they wish were legally binding.

That doesn’t mean they actually are.

Just because I write a piece of software under a license, that the user can use it as long
as he adds my face to Mt. Rushmore doesn’t guarantee that my face IS actually added to it.

So just because some License Agreements might claim that, it still might not be a valid legal
paragraph. I even doubt any paragraphs in Adobes Terms of Use are 100% legally binding everywhere.
Especially if they are applied to network protocols.

I know that in general in the European Union it is allowed to reverse engineer network protocols.
It is even encouraged to do so from a security perspective. No matter what the License Agreement
might claim.

I guess that’s what the severability clause is all about.


Von: Alex Harui <aharui@adobe.com.INVALID>
Antworten an: "legal-discuss@apache.org" <legal-discuss@apache.org>
Datum: Freitag, 1. Februar 2019 um 18:39
An: "legal-discuss@apache.org" <legal-discuss@apache.org>
Betreff: Re: Reverse engineering ... allowed or forbidden?

IANAL, is reverse engineering really a copyright issue?  Or a separate issue if the terms
of use (TOU) of a binary prohibits reverse engineering?  I know some of Adobe’s binaries
have TOU that explicit mention that you are not allowed to “reverse engineer”.  The source
code for those binaries is locked up so it isn’t an issue of whether you saw the code or
not.  By using the product, you agree to those TOU and thus agree that you can’t use disassemblers
or other techniques to replicate the functionality of the binary.

So, if you used some binary to send packets on the network, what were the TOU for that binary?


From: Roman Shaposhnik <roman@shaposhnik.org>
Reply-To: "legal-discuss@apache.org" <legal-discuss@apache.org>
Date: Friday, February 1, 2019 at 3:46 AM
To: "legal-discuss@apache.org" <legal-discuss@apache.org>
Subject: Re: Reverse engineering ... allowed or forbidden?

On Fri, Feb 1, 2019 at 8:50 AM Christofer Dutz <christofer.dutz@codecentric.de<mailto:christofer.dutz@codecentric.de>>

Just for clarification. I didn't look at any code.

Good to know -- but my PS was exactly about that -- in certain situation
there have been claims that even doing reverse engineering gets you
"tainted". Personally I don't agree with that at all -- but that's probably
besides the point.

There wasn't even any information available at all.

What I did, was:
I hooked my network dumper to an existing device. Looked at the hex dumps (about 300000-500000
packets) drew conclusions from patterns I saw, checked them via little Java programs I wrote
and did a lot of talking with people who built the factory setup.

So from a copyright perspective we should be completely safe.

And yes: the code I'm taking about is completely separate. (Test code in the dedicated DeltaV


Then, personally, I'd say that you did all you can to minimize the risk to your
project and the foundation.


View raw message