Call now: 252-767-6166  
Oracle Training Oracle Support Development Oracle Apps

 
 Home
 E-mail Us
 Oracle Articles
New Oracle Articles


 Oracle Training
 Oracle Tips

 Oracle Forum
 Class Catalog


 Remote DBA
 Oracle Tuning
 Emergency 911
 RAC Support
 Apps Support
 Analysis
 Design
 Implementation
 Oracle Support


 SQL Tuning
 Security

 Oracle UNIX
 Oracle Linux
 Monitoring
 Remote s
upport
 Remote plans
 Remote
services
 Application Server

 Applications
 Oracle Forms
 Oracle Portal
 App Upgrades
 SQL Server
 Oracle Concepts
 Software Support

 Remote S
upport  
 Development  

 Implementation


 Consulting Staff
 Consulting Prices
 Help Wanted!

 


 Oracle Posters
 Oracle Books

 Oracle Scripts
 Ion
 Excel-DB  

Don Burleson Blog 


 

 

 


 

 

 

 
 

Have decompilers become evil?

Oracle Database Tips by Donald Burleson

 

I'm surprised to hear in the media that using "decompilers" is often associated with evil!  Decompilers have been standard issue for many IT consultants, an indispensable tool for modifying unsupported software executables.

 

I remember when a shop that I was working at just upgraded from BAL to Cobol.  All of the assembler jockeys were inspecting the PMAP output, commenting on the inefficient assembler code generated from this fancy new-fangled Cobol language.

 

Before the advent of the web and the criminal element, language decompilers had many legitimate uses within an IT shop:

  • Code unification - Some shops use decompilers to standardize code from many languages into a unified procedural language.
     

  • Migrations - Decompilers are sometimes used during system migrations to ensure code consistency.
     

  • Vendor product maintenance - Decompilers are frequently used in IT shops to support defunct software, especially in cases where the source code was not held in escrow.
     

  • How does it work? - In the USA, it appears to be legal to decompile source code, but only in specific conditions.  According to Saga vs. Accolade (977 F.2d 1510), decompiling copyrighted object code is, as a matter of law, is "fair use" only under very specific conditions:

    "where disassembly is the only way to gain access to the ideas and functional elements embodied in a copyrighted computer program and where there is legitimate reason for seeking such access, disassembly is a fair use of the copyrighted work, as a matter of law."

Of course, media reports of hackers and thieves using decompilers overlooks the legal and legitimate uses of reverse engineering.  Lets take a close look at the current status of disassemblers and decompilers and the current status of reverse engineering.

 

Failures in the software escrow market

 

What do you do when your mission-critical app vendor goes bankrupt?

 

Whenever considering any mission-critical computer system, savvy IT managers will require that the source code be placed in a blind-escrow with a long-standing law firm, many vendors refuse to do this, leaving customers with little recourse.  This article notes the conditions whereby you can get the source code from a software escrow agent:

 

"* The licensor ceases its business undertaking without validly assigning its maintenance obligations and its obligations under the agreement to a competent third party.

* The licensor suffers bankruptcy.

* The licensor does not comply with its maintenance obligations and/or its obligations under the agreement to such an extent that its failure to comply endangers the continuity of use of the licensed product by the licensee.

* The licensor has been subject to a take-over by a third party that does not continue the maintenance obligations or offers to accept them only on commercially unreasonable terms."

But what if you don't have the source code in escrow?  Using decompilers was a legitimate and normal part of IT work, a tool that is absolutely required when your vendor goes belly-up and you don't have access to the source code.

 

When is decompiling legal?

 

In the absence of vendor support, there is no question that a company has a right to decompile their application in-order to continue supporting their application, but decompiling cannot be used except in extreme circumstances.  IEEE has this policy page on using decompilers for reverse engineering:

"We support the fair use rulings in the Sega Enterprises vs. Accolade, 977 F.2d 1510 (9th Cir. 1992) and Nintendo vs. Atari, 975 F.2d 832 (Fed Cir. 1992) decisions pertaining to disassembly of computer code.

Additionally, when the object code of a program is widely distributed so that the object code is no longer a trade secret, contractual provisions accompanying the object code, which purport to limit the engineer's fair use privileges to reverse engineer the object code, should not be enforceable."

While it's true that many criminals use decompilers to steal intellectual property and copyrighted/patented techniques, we always need to remember that there are legal and legitimate uses for decompiler software.  This Computerworld article notes that decompiling is allowed under very limited circumstances and in-itself, decompiling may not violate the DMCA.

 

This Infoworld article titled "hacking or reverse engineering" notes that decompiling source code may be legal to "learn how something works", but not with the intent to violate copyrights or patents:

"If you buy something, you have the right to hook it up backwards, to turn it into a pi'ta, to shoot holes in it with a licensed .357 Magnum, or to plant it on a pike on your front lawn.

 

But in America, your right to take it apart to figure out how it works is in the hands of corporate lawyers.

 

Owning specialized tools for the purpose is okay - even disassemblers that turn software into rough source code or logic probes that record the behavior of running silicon.  . .

 

The assumption is that in technology, reverse engineering -- the simple and essential science of learning how a thing works -- is employed to violate copyrights and patents.

Yes, I could reverse engineer a microprocessor to create a clone and sell it for one tenth of the original's price, but that would be both immoral and illegal.

 

But what if I reverse engineered to uncover undocumented capabilities of that processor, so I could place in the hands of those who own systems with that chip the power to make more complete use of them?"

In any case, it's clear that disassemblers and decompilers can be abused by criminal and hackers, but there are legitimate uses for reverse engineering within an IT shop.  It will be interesting to see how the concept of "reverse engineering" is viewed in the worldwide market, especially in countries that do not share a high regard for U.S. Copyright and Patent law.

 

Note:  This is a literature review by a computer geek with no legal experience, and it does not provide any legal advice.  If you want legal advice, consult your local Bar Association, not this web page!

 


 

 

��  
 
 
Oracle Training at Sea
 
 
 
 
oracle dba poster
 

 
Follow us on Twitter 
 
Oracle performance tuning software 
 
Oracle Linux poster
 
 
 

 

Burleson is the American Team

Note: This Oracle documentation was created as a support and Oracle training reference for use by our DBA performance tuning consulting professionals.  Feel free to ask questions on our Oracle forum.

Verify experience! Anyone considering using the services of an Oracle support expert should independently investigate their credentials and experience, and not rely on advertisements and self-proclaimed expertise. All legitimate Oracle experts publish their Oracle qualifications.

Errata?  Oracle technology is changing and we strive to update our BC Oracle support information.  If you find an error or have a suggestion for improving our content, we would appreciate your feedback.  Just  e-mail:  

and include the URL for the page.


                    









Burleson Consulting

The Oracle of Database Support

Oracle Performance Tuning

Remote DBA Services


 

Copyright © 1996 -  2017

All rights reserved by Burleson

Oracle ® is the registered trademark of Oracle Corporation.

Remote Emergency Support provided by Conversational