Hi all, thanks for your reply.<br><br>Appreciate your help on this issue.<br><br><div class="gmail_quote">On Thu, Jul 1, 2010 at 4:20 AM, Nikhil Kulkarni <span dir="ltr">&lt;<a href="mailto:kulkarni.nikhil@gmail.com">kulkarni.nikhil@gmail.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">This is an interesting discussion ... here&#39;s what wikipedia says:<div><br></div><div><span style="font-family: sans-serif; font-size: 13px; line-height: 19px;"><blockquote class="gmail_quote" style="margin: 0px 0px 0px 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">


Legality</blockquote><blockquote class="gmail_quote" style="margin: 0px 0px 0px 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">

Reverse engineering software or hardware systems which is done for the purposes of <a href="http://en.wikipedia.org/wiki/Interoperability" title="Interoperability" style="" target="_blank"><font color="#000000">interoperability</font></a> (for example, to support undocumented file formats or undocumented hardware peripherals) is mostly believed to be legal, though patent owners often contest this and attempt to stifle any reverse engineering of their products for any reason.In the United States and many other countries, even if an artifact or process is protected by <a href="http://en.wikipedia.org/wiki/Trade_secret" title="Trade secret" style="" target="_blank"><font color="#000000">trade secrets</font></a>, reverse-engineering the artifact or process is often lawful as long as it is obtained legitimately. <a href="http://en.wikipedia.org/wiki/Patent" title="Patent" style="" target="_blank"><font color="#000000">Patents</font></a>, on the other hand, need a public disclosure of an <a href="http://en.wikipedia.org/wiki/Invention" title="Invention" style="" target="_blank"><font color="#000000">invention</font></a>, and therefore, patented items do not necessarily have to be reverse-engineered to be studied. One common motivation of reverse engineers is to determine whether a competitor&#39;s product contains <a href="http://en.wikipedia.org/wiki/Patent_infringement" title="Patent infringement" style="" target="_blank"><font color="#000000">patent infringements</font></a> or <a href="http://en.wikipedia.org/wiki/Copyright_infringement" title="Copyright infringement" style="" target="_blank"><font color="#000000">copyright infringements</font></a>.</blockquote>


</span></div><div><br></div><div>The links inside can serve as a starting point for more research ... </div><div><br></div><div>Please do let the mailing list know if you uncover any other useful details ... </div><div><br clear="all">


निखिल कुलकर्णी<br>
<br><br><div class="gmail_quote"><div><div></div><div class="h5">On Thu, Jul 1, 2010 at 06:49, chintan dave <span dir="ltr">&lt;<a href="mailto:davechintan@gmail.com" target="_blank">davechintan@gmail.com</a>&gt;</span> wrote:<br>
</div></div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"><div><div></div><div class="h5">

Agreed! How about Java Applets?<br><br>I believe they are subject to manual decompilation. Correct me if I am wrong.<br><br><div class="gmail_quote">On Wed, Jun 30, 2010 at 9:13 PM, Srikar Sagi <span dir="ltr">&lt;<a href="mailto:srikarsagi@yahoo.com" target="_blank">srikarsagi@yahoo.com</a>&gt;</span> wrote:<br>



<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"><table border="0" cellpadding="0" cellspacing="0"><tbody><tr><td style="font: inherit;" valign="top">



you don&#39;t have to do any RE yourself, since there are &quot;Binary Analysis Tools&quot; which takes executable and creates a run-time environment then loads each segment and checks for security vulnerabilities/issues.<br>



<br><font style="font-family: bookman old style,new york,times,serif;" size="2">--Srikar<br><span style="font-weight: bold;">0917-66-176-99</span></font><br><br>--- On <b>Thu, 1/7/10, Soi, Dhruv <i>&lt;<a href="mailto:dhruv.soi@owasp.org" target="_blank">dhruv.soi@owasp.org</a>&gt;</i></b> wrote:<br>



<blockquote style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px;"><br>From: Soi, Dhruv &lt;<a href="mailto:dhruv.soi@owasp.org" target="_blank">dhruv.soi@owasp.org</a>&gt;<br>Subject: Re: [Owasp-delhi] Reverse Engineering<br>



To: &quot;&#39;chintan dave&#39;&quot; &lt;<a href="mailto:davechintan@gmail.com" target="_blank">davechintan@gmail.com</a>&gt;, <a href="mailto:owasp-mumbai@lists.owasp.org" target="_blank">owasp-mumbai@lists.owasp.org</a><div>


<div>
<br>Cc: <a href="mailto:owasp-delhi@lists.owasp.org" target="_blank">owasp-delhi@lists.owasp.org</a>, <a href="mailto:owasp-bangalore@lists.owasp.org" target="_blank">owasp-bangalore@lists.owasp.org</a><br></div></div>Date: Thursday, 1 July, 2010, 12:44 AM<div>


<div></div><div><div>
<div></div><div><br><br><div>I think its there in the EULA shipped with any software.<br><br>-----Original Message-----<br>From: <a href="http://mc/compose?to=owasp-delhi-bounces@lists.owasp.org" target="_blank">owasp-delhi-bounces@lists.owasp.org</a><br>



[mailto:<a href="http://mc/compose?to=owasp-delhi-bounces@lists.owasp.org" target="_blank">owasp-delhi-bounces@lists.owasp.org</a>] On Behalf Of chintan dave<br>Sent: 30 June 2010 19:46<br>To: <a href="http://mc/compose?to=owasp-mumbai@lists.owasp.org" target="_blank">owasp-mumbai@lists.owasp.org</a><br>



Cc: <a href="http://mc/compose?to=owasp-delhi@lists.owasp.org" target="_blank">owasp-delhi@lists.owasp.org</a>; <a href="http://mc/compose?to=owasp-bangalore@lists.owasp.org" target="_blank">owasp-bangalore@lists.owasp.org</a><br>



Subject: [Owasp-delhi] Reverse Engineering<br><br>Hi
 Experts,<br><br>I need a small help from you.<br><br>Is RE legal for security assessments of products purchased from vendors?<br><br>There has been a bit of confusion around RE topic.<br><br>I know it is illegal to do RE to steal the idea, however this one, I<br>



need feedback from you folks.<br><br>If you can share some authoritative resources that could confirm on<br>the legality/illegality, it would be great.<br><br>-- <br>Regards,<br>Chintan Dave,<br><br>LinkedIn: <a href="http://in.linkedin.com/in/chintandave" target="_blank">http://in.linkedin.com/in/chintandave</a><br>



Blog:<a href="http://www.chintandave.com" target="_blank">http://www.chintandave.com</a><br>_______________________________________________<br>Owasp-delhi mailing list<br><a href="http://mc/compose?to=Owasp-delhi@lists.owasp.org" target="_blank">Owasp-delhi@lists.owasp.org</a><br>



<a href="https://lists.owasp.org/mailman/listinfo/owasp-delhi" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-delhi</a><br><br>_______________________________________________<br>Owasp-delhi mailing list<br>



<a href="http://mc/compose?to=Owasp-delhi@lists.owasp.org" target="_blank">Owasp-delhi@lists.owasp.org</a><br><a href="https://lists.owasp.org/mailman/listinfo/owasp-delhi" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-delhi</a><br>



</div></div></div></div></div></blockquote></td></tr></tbody></table><br></blockquote></div><div><div></div><div><br><br clear="all"><br>-- <br>Regards,<br>Chintan Dave,<br><br>LinkedIn: <a href="http://in.linkedin.com/in/chintandave" target="_blank">http://in.linkedin.com/in/chintandave</a><br>



Blog:<a href="http://www.chintandave.com" target="_blank">http://www.chintandave.com</a><br>
</div></div><br></div></div>_______________________________________________<br>
OWASP-Mumbai mailing list<br>
<a href="mailto:OWASP-Mumbai@lists.owasp.org" target="_blank">OWASP-Mumbai@lists.owasp.org</a><br>
<a href="https://lists.owasp.org/mailman/listinfo/owasp-mumbai" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-mumbai</a><br>
<br></blockquote></div><br></div>
</blockquote></div><br><br clear="all"><br>-- <br>Regards,<br>Chintan Dave,<br><br>LinkedIn: <a href="http://in.linkedin.com/in/chintandave">http://in.linkedin.com/in/chintandave</a><br>Blog:<a href="http://www.chintandave.com">http://www.chintandave.com</a><br>