Fantastic! We're Baaaaaack.....
Great job guys at getting all of us a shiny new board, and more importantly continuing to protect the knowledge contained within these walls from misguided destruction. The efforts and positive contributions people have made over the past several years should not be lost from public record.
Thanks to +tsehp and $woodmann for all the time and money they have invested in resurrecting the RCE Phoenix from the ashes.
Besides having the forum as a fun place to shoot the shit, this place is needed. Reversing isn't the only thing learnt here, there's a whole generation (or at least those who take something out of it) who learn assembly programming and Windows system operation, let alone the logic behind it all.
There's a database here, available either direct or linked to, to a vast amount of information concerning computer function which has a direct application to low level programming. Whether it's applied in the form of the most ethical and legal of reverse engineering, or whether it's applied to crack is up to the user. The fact is it exists and provides a source of teaching available nowhere else.
If shareware organizations are concerned about this site maybe they should consider its deeper implications and instead target the true get-rich-quick crack sites and warez distribution servers.
There's a few quotes from some lecture notes of a course given by the Massachusetts Institute of Technology entitled "Reverse Engineering in Computer Applications" given in Boston this year I found interesting. It is targetted towards high school students attending the course. It's a good document I think would make a perfect addition to the FAQ:
http://www.geocities.com/hackmansite/fotis/books/re.pdf
----------------------------------
"Reverse Engineering (RE) is the decompilation of any application, regardless
of the programming language that was used to create it, so that one can acquire its
source code or any part of it.
The reverse engineer can re-use this code in his own programs or modify an
existing (already compiled) program to perform in other ways. He can use the
knowledge gained from RE to correct application programs, also known as bugs. But the
most important is that one can get extremely useful ideas by observing how other
programmers work and think, thus improve his skills and knowledge!
Here are just a few reasons that RE exists nowadays and its usage is increasing
each year:
•Personal education
•Understand and work around (or fix) limitations and defects in tools
•Understand and work around (or fix) defects in third-party products.
•Make a product compatible with (able to work with) another product.
•Make a product compatible with (able to share data with) another product.
•To learn the principles that guided a competitor's design.
•Determine whether another company stole and reused some of source code.
•Determine whether a product is capable of living up to its advertised claims.
Not all actions performed can be considered “legal”. Hence, extreme caution
must be taken, not to violate any copyright laws or other treaties. Usually each product
comes with a copyright law or license agreement."
...continued
1.3 Typical Examples
What comes in our minds when we hear RE, is cracking. Cracking is as old as
the programs themselves. To crack a program, means to trace and use a serial number
or any other sort of registration information, required for the proper operation of a
program. Therefore, if a shareware program (freely distributed, but with some
inconveniences, like crippled functions, nag screens or limited capabilities) requires a
valid registration information, a reverse engineer can provide that information by
decompiling a particular part of the program.
Many times in the past, several software corporations have accused others for
performing RE in their products and stealing technology and knowledge. RE is not
limited to computer applications, the same happens with car, weapons, hi-fi components
etc.
All major software developers do have knowledge of RE and they try to find
programmers that are familiar with the concepts that will be taught during this class. RE
are well paid, sometimes their salaries are double or even more, depending on the skills
they have."
...continued
1.3.2 HIDING INFORMATION FROM PUBLIC
Companies are hiding a lot of things: their mistakes, security vulnerabilities,
privacy violations and trade secrets. Usually, if someone finds out how a product works
by reverse engineering, the product will be less valuable. Companies think they have
everything to lose with reverse engineering. This may be true, but the rest of the world
has much to gain.
Many of the privacy risks we face today such as the unique computer
identification numbers in Microsoft Office documents, the sneaky collection of data by
Real Jukebox, or the use of Web bugs and cookies to track users were only discovered by
opening up the hood and seeing how things really work. Companies do not publish
this kind of information publicly.
Sometimes they even disavow that they meant to design and build their products
to work way it ends up working.
PEOPLE ENGAGED IN REVERSE ENGINEERING ARE A CHECK ON
the ability of companies to invade our privacy without our knowledge. By going public
with the information they uncover they are able to force companies to change what they
are doing lest they face a consumer backlash.
Uncovering security vulnerabilities is another domain where reverse engineers
are sorely needed. Whether by poor design, bad implementation, or inadequate testing,
products ship with vulnerabilities that need to be corrected. No one wants bad security,
except maybe criminals, but many companies are not willing to put in the time and
energy required to ship products without even well known classes of problems. They use
weak cryptography, they don't check for buffer overflows, and they use things like
cookies insecurely. Reverse engineers, who publicly release information about flaws,
force companies to fix them, and alert their customers in a timely manner.
The only way the public finds out about most privacy or security problems is
from the free public disclosures of individuals and organizations. There are privacy
watchdog groups and security information clearinghouses but without the reverse
engineers who actually do the research we would never know where the problems are.
There are some trends in the computer industry now that could eliminate the
benefits reverse engineering has to offer. The Digital Millennium Copyright Act (DMCA)
was used by the Motion Pictures Association of America (MPAA) to successfully stop
2600 Magazine from publishing information about the flawed DVD content protection
scheme. The information about the scheme, which a programmer uncovered by reverse
engineering, was now contraband. It was illegal under the DMCA.
Think about that. There are now black boxes, whether in hardware or software,
that are illegal to peek inside. You can pay for it and use it, but you are not allowed to
open up the hood. You cannot look to see if the box violates your privacy or has a
security vulnerability that puts you at risk.
Companies that make hardware and software products love this property and are
going to build their products so that they fall under the protection of the DMCA. CueCat
did this when they built their product. They added a trivial encoding scheme, which they
call encryption, so that their bar code scanner was protected against reverse
engineering by the DMCA. We can expect to see many more companies do this.
----------------------------------
Just a little food for thought while we all gear up for another forum
Regards,
Kayaker
Pulsar Rulez
