Have decompilers become evil?
Oracle Database Tips by Donald Burleson
I'm surprised to hear in the media
that using "decompilers" is often associated with evil!
Decompilers have been standard issue for many IT consultants, an
indispensable tool for modifying unsupported software
executables.
I remember when a shop that I was
working at just upgraded from BAL to Cobol. All of the
assembler jockeys were inspecting the PMAP output, commenting on
the inefficient assembler code generated from this fancy
new-fangled Cobol language.
Before the advent of the web and
the criminal element, language decompilers had many legitimate
uses within an IT shop:
- Code unification - Some shops use decompilers to standardize code
  from many languages into a unified procedural language.
- Migrations - Decompilers are sometimes used during system migrations
  to ensure code consistency.
- Vendor product maintenance - Decompilers are frequently used in IT
  shops to support defunct software, especially in cases where the
  source code was not held in escrow.
- How does it work? - In the USA, it appears to be legal to decompile
  source code, but only under specific conditions. According to Sega
  vs. Accolade (977 F.2d 1510), decompiling copyrighted object code is,
  as a matter of law, "fair use" only under very specific conditions:
"where disassembly is the only way to gain access to the
ideas and functional elements embodied in a copyrighted computer program and
where there is legitimate reason for seeking such access, disassembly is a
fair use of the copyrighted work, as a matter of law."
Of course, media reports of
hackers and thieves using decompilers overlook the legal and
legitimate uses of reverse engineering. Let's take a close
look at the current status of disassemblers and decompilers and
the current status of reverse engineering.
Failures in the software escrow market
What do you do when your
mission-critical app vendor goes bankrupt?
When considering any
mission-critical computer system, savvy IT managers will require
that the source code be placed in a blind escrow with a
long-standing law firm. Many vendors refuse to do this, leaving
customers with little recourse.
This article notes the conditions whereby you can get the
source code from a software escrow agent:
"* The licensor ceases its business undertaking without
validly assigning its maintenance obligations and its obligations under the
agreement to a competent third party.
* The licensor suffers bankruptcy.
* The licensor does not comply with its maintenance obligations and/or its
obligations under the agreement to such an extent that its failure to comply
endangers the continuity of use of the licensed product by the licensee.
* The licensor has been subject to a take-over by a third party that does
not continue the maintenance obligations or offers to accept them only on
commercially unreasonable terms."
But what if you don't have the
source code in escrow? Using decompilers was a legitimate
and normal part of IT work, a tool that is absolutely required
when your vendor goes belly-up and you don't have access to the
source code.
When is decompiling legal?
In the absence of vendor support,
there is no question that a company has a right to decompile
their application in order to continue supporting it,
but decompiling cannot be used except in extreme
circumstances. IEEE has this
policy page on using decompilers for reverse engineering:
"We support the fair use rulings in the Sega Enterprises vs.
Accolade, 977 F.2d 1510 (9th Cir. 1992) and Nintendo vs. Atari, 975 F.2d 832
(Fed Cir. 1992) decisions pertaining to disassembly of computer code.
Additionally, when the object code of a program is widely distributed so
that the object code is no longer a trade secret, contractual provisions
accompanying the object code, which purport to limit the engineer's fair use
privileges to reverse engineer the object code, should not be enforceable."
While it's true that many
criminals use decompilers to steal intellectual property and
copyrighted/patented techniques, we always need to remember that
there are legal and legitimate uses for decompiler software.
This Computerworld article notes that decompiling is allowed
under very limited circumstances and that, in itself, decompiling may
not violate the DMCA.
This Infoworld article titled "hacking or reverse
engineering" notes that decompiling source code may be legal to
"learn how something works", but not with the intent to violate
copyrights or patents:
"If you buy something, you have the right to hook it up
backwards, to turn it into a piñata, to shoot holes in it with a licensed
.357 Magnum, or to plant it on a pike on your front lawn.
But in America, your right to take it apart to figure out how
it works is in the hands of corporate lawyers.
Owning specialized tools for the purpose is okay - even
disassemblers that turn software into rough source code or logic probes that
record the behavior of running silicon. . .
The assumption is that in technology, reverse engineering --
the simple and essential science of learning how a thing works -- is
employed to violate copyrights and patents.
Yes, I could reverse engineer a microprocessor to create a clone and sell it
for one tenth of the original's price, but that would be both immoral and
illegal.
But what if I reverse engineered to uncover undocumented
capabilities of that processor, so I could place in the hands of those who
own systems with that chip the power to make more complete use of them?"
In any case, it's clear that
disassemblers and decompilers can be abused by criminals and
hackers, but there are legitimate uses for reverse engineering
within an IT shop. It will be interesting to see how the
concept of "reverse engineering" is viewed in the worldwide
market, especially in countries that do not share a high regard
for U.S. copyright and patent law.
Note: This is a
literature review by a computer geek with no legal experience,
and it does not provide any legal advice. If you want
legal advice, consult your local Bar Association, not this web
page!