Page 1 of 2 12 LastLast
Results 1 to 15 of 17

Thread: sort of legal question...

  1. #1

    sort of legal question...

    Hi there,

    in a couple of month my studies going to come to an end. Therefore I'm looking for a decent topic for my bachelor thesis. Of course it will be something from the realm of reverse engineering. I ogle with an in-depth examination of some packer/protector to show the weak spots of recent protectors and some basic attempts to overcome it's weakness. Now my question: Let's imagine I own a legal copy of some packer/protector (say ASProtect SKE or similar) and I wrap a program I coded myself. Am I - under these circumstances - allowed to dissect the resulting binary, showing the modus operanti of the protector and revealing it's internals? I asked my professor in charge but he just didn't know. He said I'm the very first student of our faculty who chose such a topic. Since I don't want to get into trouble (had enough in the past -I'm sick of it ), I would like to ask you if this sounds OK. Maybe some of you did something similar in the past, maybe someone knows somebody who did. You know what I mean.

    Thanks a lot in advance.


  2. #2

    You can do that with no problems in the USA.
    It's not a commercial release for profit of ripped code so you can
    do whatever you want with it.

    Even if you dont own it, it's not for profit, so it's ok.

    Learn Or Die.

  3. #3
    Master Of Nebulah Frost Polaris's Avatar
    Join Date
    Jun 2002
    Invincible Cyclones Of FrostWinds

    Personally, I have to disagree with Woodmann here. Doing what you describe may put to harm the business model of the developer of the protector you will dissect, resulting in money loss on their side; harming someone's business is usually a good recipe for trouble.

    This said, and as Woodman says above, it may be that on a legal standpoint you could come out clean and victorious depending on where you are and on the local legislation, but I would recommend avoiding getting anywhere close to courts and legal proceedings.

    Take care and good luck with with your projects!
    Stand In The Fog With So Cold A Heart... Watching The Death Of The Sun...

  4. #4
    In Europe,
    you may have quite a bit of troubles, I fear.
    In a bunch of nations the laws changed so that 'password hacking tools' and similar were declared forbidden, one way or another.

    You better spend a bit of time looking for your local laws (ask to a lawyer's friend/student to aid you in the articles' research).
    I want to know God's thoughts ...the rest are details.
    (A. Einstein)
    ..."a shellcode is a command you do at the linux shell"...

  5. #5
    Registered User
    Join Date
    Dec 2005
    Blog Entries
    I'm planning on doing something similar at my University in the USA. You'll be fine.

  6. #6

    Since I don't know the laws of every country, I suppose you could get into some trouble.

    But, Since it will only be between you and your professor I dont see any problem, no matter what country you live in.

    It's an academic paper, not a commercial release.

    Learn Or Die.

  7. #7

    Even Better...

    Even Better, code your own packer/protector.

    THEN, break it.

    No harm done. You can't sue yourself.

    And as an added bonus, you get to understand packing/protecting from a programmer's viewpoint too... helps you later crack with a deeper, erudite knowledge.

    Have Phun
    Blame Microsoft, get l337 !!

  8. #8
    Quote Originally Posted by Aimless View Post
    You can't sue yourself.
    What a silly thing to say... You don't live in the states, do you?

  9. #9
    What a silly thing to say... You don't live in the states, do you?

    Well said

    Over here you could very well sue yourself.
    You would need to be really waney but, shit, anything is possible.


    I forgot to add, waney/wany means decreasing.
    In this instance it means decreasing intelligence.
    It's a rural term for nit-wit, idiot, moron, pea brain,
    jerk wad, dimwit............
    Learn Or Die.

  10. #10
    Hi guys,

    thank you all very much for your answers. For the last two days I was busy figuring out the legal situation in my country. Unfortunately I'm straight from the nation of the weirdos (at least that's the impression I got while doing this research) and hence Maximus is perfectly right. The government of Germany changed §202 of the criminal code with a law called "Strafrechtsänderungsgesetz zur Bekämpfung der Computerkriminalität" which means "amendment of the criminal code to fight computer crime", in a way that even whitehat pentesters have one foot in prison. This §202 states that one is not allowed to create, program, hand over, spread or obtain any tool that is suitable to break computer security. This includes even Wireshark (that's crazy, isn't it?). Computer security means software protections, too. Explicitly! So if I write a thesis about the weakness of a "software protection", I'd commit a crime because somebody could use it to overcome this protection. That's so fucking nuts, I hardly find words for it. I should have gone to another country from the start. I wonder how science will handle this in general. In Germany they discuss a governmental trojan for quite some time. Regarding this, this changed (or new) §202 makes sense. You cannot capture a trojan, if you'll have no tools to do so.
    So right now I'm somewhat pissed because I'm forced to write about some completely different topic.
    Again, thanks for your answers.


  11. #11
    Musician member evaluator's Avatar
    Join Date
    Sep 2001
    Blog Entries


    look here, you can do this:

    USE FREEWARE protector, analyze & make good hints for upgrade.

    everyone will Happiey!

  12. #12
    <script>alert(0)</script> disavowed's Avatar
    Join Date
    Apr 2002
    Regarding the laws in Germany related to "security"-software, you may want to talk to Halvar and see if he has any suggestions for you or knowledge of legal loopholes.

  13. #13
    Programmer Run Amock... Bengaly's Avatar
    Join Date
    Aug 2001
    Somewhere over the Rainbow
    Blog Entries
    Write your thesis,
    when it's done, PGP it and print it.
    when the test comes, decrypt the digital form for their 'eyes only' (on the fly) and than close it.. enjoy :

    When I was forced to write thesis + software application in 2002, I introduced first version of PVDasm to my university assembler professor and the board of testers.
    The good thing out of it was: the testers understood shit of what I did, they did not know what to ask and were forced to ask me 1 question: they pointed on a disassembled line in pvdasm and said: "what that instruction does?" ...

    well you see, the board of testers will know nothing of your doing and will care less about it. It's all about formality... so, who gives a #$%$#%$!
    "knowledge is now free at last, everything should be free from now on, enjoy knowledge and life and never work for everybody else"

  14. #14
    I wish it would be that easy. I can't even begin to tell you how desperate I wish it would be that easy! In Germany you MUST hand in your thesis as a book (2 copies - the only decision you can make is the color of your hardcover) AND one digital copy (you're free to choose if it's a CD or a DVD). Additionally, your digital copy must contain every single line of source code. This is because every thesis is digitally archived in the German National Library. The Germans really elevated bureaucracy to an art form. It sucks so hard . But I see a small light at the end of the tunnel. My prof in charge tries to find a way to circumvent the strict regulations of German law. I really hope he will be successful.

    Thanks for taking interest.


  15. #15

    I am very interested in how this plays out.
    If you need my help, ask and I will do what I can .

    Learn Or Die.

Similar Threads

  1. Current legal status wrt emulators
    By sen322 in forum Off Topic
    Replies: 2
    Last Post: October 12th, 2009, 20:22
  2. Hello, sort anoob here
    By Nanbe1st in forum Off Topic
    Replies: 1
    Last Post: October 17th, 2006, 22:59
  3. N00b question about test al,al (and a conditional breakpoint question)
    By zambuka42 in forum OllyDbg Support Forums
    Replies: 10
    Last Post: July 25th, 2006, 15:55
  4. Is this legal?
    By Stick in forum Advanced Reversing and Programming
    Replies: 9
    Last Post: July 22nd, 2001, 04:49


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts