Category Archives: Legal/Ethical

Wiki Never Forgets

Anyone can post anything on any Wiki, subject to a few access control restrictions (such as requiring registration). Stuff can just as easily be deleted but it will show up in an article’s history. I have always wondered what happens when someone enters something controversial that must subsequently be removed. Wiki never forgets.

I visited the XentaxWiki recently and noticed there was a problem with a resource format called BXP from a game called 3D Sex Villa. The article’s content currently states:

Off display pending decision on legal status of information.

The article’s talk page contains some legal wrangling brought on by the creators of the format. Regardless, the original technical format information can be unearthed through the article’s history, viewable by anyone who understands basic Wiki.

Legal Threat #00001

Party! Do you have any idea how long I have been involved in multimedia hacking and reverse engineering? About 5 years now. All that while, folks have warned me sternly, and constantly, that this type of work would get me sued to death. I am pleased to announce that today I received my first legal threat. I feel that my work has finally been validated!

Well, it was not necessarily a legal threat, like those notorious “nastygram” cease & desist letters. It was more like a veiled reference to a possible future legal threat. Someone identifying himself as the assistant general counsel for On2 said that the company took exception to the fact that I was posting decompilations of their Java decoder.

And just when I was starting to feel that no one cared about my work…

Naturally, this raises some pressing questions. First and foremost, why was I contacted by the assistant general counsel? Why doesn’t my case warrant the attention of the lead/primary/head general counsel? Maybe if I went after their latest generation codec, VP7, my actions would merit an escalation.

For the time being, I have decided to not post the Java decompilations on my Practical Reverse Engineering site. This entire site is partially an experiment to test where the limits are. Looks like we found one such limit.

I never had a compelling reason to research legal options surrounding these RE activities. Maybe it is time to start. But I am just so lazy… As always, this subject may be revisited. Feel free to email me regarding this situation.

Thou Shalt Not Create Independent Tests

And software companies wonder why we users have trouble taking software end-user license agreements seriously. Roberto Togni actually read the license that accompanies On2’s VP7 Decoder. It contains this clause:

You may NOT:
4. publish or provide any results of tests, including without limitation benchmark tests, run on the Software to any third party without On2’s prior written consent

In fairness to On2, this is not an uncommon clause in EULAs. However, it presents some very curious scenarios. Am I allowed to publish something like this?

I looked at a VP7 sample and it did not look as good as WMV9, H.264, or even On2’s own VP6.

Maybe I should write and ask permission. A colleague brought up another point: Since this “no benchmark tests” is such a common EULA clause, it should stand to reason that Microsoft’s Windows Media Encoder carries the same license. It is extremely unlikely that Microsoft would have granted written permission for this whitepaper exercise.

Update: Again, to be fair, the decoder license (On2’s Truecast Player) does not appear to mention anything about publishing benchmark tests. That is on the limited trial codec license.

Cribbed Microsoft Media Code

Okay folks, let’s get a few things clear here: Yes, we all know that some official source code for a few of Microsoft’s A/V codecs made it into the wrong hands and is now floating around the internet. Understand that you are not l33t h4X0r if you happen to receive this file. Also, quit sending it to me. I do not want it. I delete it upon receipt. I may have to implement a special mail filter to deal with it.

Realize that this could taint us. I have no problem with ripping open a publicly available binary decoder to discover an algorithm inside (and if they happen to leave the debug symbols compiled in, oops, file that under “their problem” category).

If it makes you feel any better, there are some people who have already glanced at the code and discovered that it covers algorithms that we have already largely reverse engineered, a long time ago, via legitimate methods.

Microsoft should come up with bogus, red herring source code samples and periodically “leak” them, just to give the -ahem- “hacker underground” something to salivate over and feel special about.

…sigh… and I had really hoped to avoid creating a legal/ethical category for this blog…