Hacker Timesnew | past | comments | ask | show | jobs | submitlogin

From my understanding, you are allowed to decompile and inspect the released binaries, as well as intercept and analyze all inbound/outbound data, as long as you aren't modifying the running binary in any fashion. Things like debuggers are commonly used for this goal, as are tools like wireshark for analyzing the traffic. Once you create a specification based on your analysis, someone can create a clean-room implementation from that spec.


Exactly. Deobfuscated version just comfortable to debugging.


Sure, but it doesn't mean you're allowed to publish a deobfuscated version...


This is a serious obstacle to collaborative open-source reverse-engineering.


Yes it is, but thats where other solutions need to be met.... say a script that de-obfuscates a vanilla binary package so the output is created on the users machine vs being distributed as such. You can distribute the script and leave compliance to the end user.


If the result of this script is forbidden to be distributed, this could be a rationale for forbidding the distribution of the script itself.

If I write a script that generates the Matrix movies from the binary file of, say, Elephant's Dream, I won't be allowed to distribute that.


Yes, copyright law is complicated. You need to make sure the script used to create a deobfuscated binary isn't a derived work from the original binary, whatever that means (that's where consulting with a lawyer can help).


Is a patch a derived work from the file it applies to ? It is impossible to produce the patch without using the original file, yet intuitively, I would say no.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: