[OWASP-Bangalore] [Owasp-Mumbai] [Owasp-delhi] Reverse Engineering

chintan dave davechintan at gmail.com
Thu Jul 1 10:51:24 EDT 2010


Hi all, thanks for your reply.

Appreciate your help on this issue.

On Thu, Jul 1, 2010 at 4:20 AM, Nikhil Kulkarni
<kulkarni.nikhil at gmail.com>wrote:

> This is an interesting discussion ... here's what wikipedia says:
>
> Legality
>
> Reverse engineering software or hardware systems which is done for the
>> purposes of interoperability<http://en.wikipedia.org/wiki/Interoperability> (for
>> example, to support undocumented file formats or undocumented hardware
>> peripherals) is mostly believed to be legal, though patent owners often
>> contest this and attempt to stifle any reverse engineering of their products
>> for any reason.In the United States and many other countries, even if an
>> artifact or process is protected by trade secrets<http://en.wikipedia.org/wiki/Trade_secret>,
>> reverse-engineering the artifact or process is often lawful as long as it is
>> obtained legitimately. Patents <http://en.wikipedia.org/wiki/Patent>, on
>> the other hand, need a public disclosure of an invention<http://en.wikipedia.org/wiki/Invention>,
>> and therefore, patented items do not necessarily have to be
>> reverse-engineered to be studied. One common motivation of reverse engineers
>> is to determine whether a competitor's product contains patent
>> infringements <http://en.wikipedia.org/wiki/Patent_infringement> or copyright
>> infringements <http://en.wikipedia.org/wiki/Copyright_infringement>.
>
>
> The links inside can serve as a starting point for more research ...
>
> Please do let the mailing list know if you uncover any other useful details
> ...
>
> निखिल कुलकर्णी
>
>
> On Thu, Jul 1, 2010 at 06:49, chintan dave <davechintan at gmail.com> wrote:
>
>> Agreed! How about Java Applets?
>>
>> I believe they are subject to manual decompilation. Correct me if I am
>> wrong.
>>
>> On Wed, Jun 30, 2010 at 9:13 PM, Srikar Sagi <srikarsagi at yahoo.com>wrote:
>>
>>> you don't have to do any RE yourself, since there are "Binary Analysis
>>> Tools" which takes executable and creates a run-time environment then loads
>>> each segment and checks for security vulnerabilities/issues.
>>>
>>> --Srikar
>>> 0917-66-176-99
>>>
>>> --- On *Thu, 1/7/10, Soi, Dhruv <dhruv.soi at owasp.org>* wrote:
>>>
>>>
>>> From: Soi, Dhruv <dhruv.soi at owasp.org>
>>> Subject: Re: [Owasp-delhi] Reverse Engineering
>>> To: "'chintan dave'" <davechintan at gmail.com>,
>>> owasp-mumbai at lists.owasp.org
>>>
>>> Cc: owasp-delhi at lists.owasp.org, owasp-bangalore at lists.owasp.org
>>> Date: Thursday, 1 July, 2010, 12:44 AM
>>>
>>>
>>> I think its there in the EULA shipped with any software.
>>>
>>> -----Original Message-----
>>> From: owasp-delhi-bounces at lists.owasp.org<http://mc/[email protected]>
>>> [mailto:owasp-delhi-bounces at lists.owasp.org<http://mc/[email protected]>]
>>> On Behalf Of chintan dave
>>> Sent: 30 June 2010 19:46
>>> To: owasp-mumbai at lists.owasp.org<http://mc/[email protected]>
>>> Cc: owasp-delhi at lists.owasp.org<http://mc/[email protected]>;
>>> owasp-bangalore at lists.owasp.org<http://mc/[email protected]>
>>> Subject: [Owasp-delhi] Reverse Engineering
>>>
>>> Hi Experts,
>>>
>>> I need a small help from you.
>>>
>>> Is RE legal for security assessments of products purchased from vendors?
>>>
>>> There has been a bit of confusion around RE topic.
>>>
>>> I know it is illegal to do RE to steal the idea, however this one, I
>>> need feedback from you folks.
>>>
>>> If you can share some authoritative resources that could confirm on
>>> the legality/illegality, it would be great.
>>>
>>> --
>>> Regards,
>>> Chintan Dave,
>>>
>>> LinkedIn: http://in.linkedin.com/in/chintandave
>>> Blog:http://www.chintandave.com
>>> _______________________________________________
>>> Owasp-delhi mailing list
>>> Owasp-delhi at lists.owasp.org<http://mc/[email protected]>
>>> https://lists.owasp.org/mailman/listinfo/owasp-delhi
>>>
>>> _______________________________________________
>>> Owasp-delhi mailing list
>>> Owasp-delhi at lists.owasp.org<http://mc/[email protected]>
>>> https://lists.owasp.org/mailman/listinfo/owasp-delhi
>>>
>>>
>>>
>>
>>
>> --
>> Regards,
>> Chintan Dave,
>>
>> LinkedIn: http://in.linkedin.com/in/chintandave
>> Blog:http://www.chintandave.com
>>
>> _______________________________________________
>> OWASP-Mumbai mailing list
>> OWASP-Mumbai at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-mumbai
>>
>>
>


-- 
Regards,
Chintan Dave,

LinkedIn: http://in.linkedin.com/in/chintandave
Blog:http://www.chintandave.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-bangalore/attachments/20100701/ecd9c11a/attachment.html 


More information about the OWASP-Bangalore mailing list