Reverse Engineering Source Code
What is Reverse Engineering?
To start with, reverse engineering is a method by which an object is deconstructed for exploring its design, architecture, code and components. It is done to get the information about the components used in making the object. It can be applied to hardware, software and even to human DNA.
Software applications comprise source code files that are compiled to convert them into binary executable code. If this binary executable code is converted back into source code files using a decompiler then this will be termed as reverse engineering of source code.
4 Reverse Engineering Requirements
First, we need source code files of the software such as C/C++ code files and/or java files of the software.
If the source code files of the software are not available then we need to decompile the software using available decompilers as for decompiling android apps and java applications we can use java decompiler and for decompiling C/C++ application, we can use Snowman decompiler or any other C/C++ decompiler.
If the purpose of reverse engineering was to explore the source code then we need a source code editor for searching texts, functionalities, libraries, and/or algorithms in the decompiled source code files and/or shared source code files.
If the purpose of reverse engineering was to make changes in the source code files then using the source code editor we can add and/or delete code modules and/or functionalities.
4 Reverse Engineering Tools
Integrated Development Environment (IDE) - It is a software application comprising source code editor, debugger and builds automation tools. It is used to explore the code files generated upon decompilation or the shared source code files of the software. For example, NetBeans, Eclipse, IntelliJ, and Visual Studio. Without an IDE, developers spend time deciding what tools to use for various tasks, configuring the tools and learning how to use them. Many or even all the necessary dev-test tools are included in one integrated development environment. IDEs are also designed with all their tools under one user interface. An IDE can standardize the development process by organizing the necessary features for software development in the UI.
Decompiler - It is an application that takes an executable file as input and produces high-level source code files. It works opposite to the compiler, which takes a source code file and makes it executable. For example, Java decompiler, Snowman C/C++ decompiler etc. Some compilers and post-compilation tools produce obfuscated code (that is, they attempt to produce output that is very difficult to decompile, or that decompiles to confusing output). This is done to make it more difficult to reverse engineer the executable. While decompilers are normally used to recreate source code from binary executables, there are also decompilers to turn specific binary data files into human-readable and editable sources.
Source code editor - It is a software application to explore the source code files and is used in making edits in the software code and writing source code. For example Notepad++, Sublime Text etc. Source-code editors have features specifically designed to simplify and speed up typing of source code, such as syntax highlighting, indentation, autocomplete and brace matching functionality. These editors also provide a convenient way to run a compiler, interpreter, debugger, or other program relevant for the software-development process. So, while many text editors like Notepad can be used to edit source code, if they don't enhance, automate or ease the editing of code, they are not source-code editors.
Cloud storage platform: Cloud storage platform refers to storage where source code related documents such as source code files, libraries, software user manuals and license information are uploaded and shared. For example, GitHub repository, GitLab etc.
Reverse Engineering Advantages and Disadvantages
Used in infringement cases for generating revenue
Used in identifying the drawbacks, bugs in the original source code and producing code with additional features
Used for research purposes
User for simulating the algorithms used in the software
Performed to maintain documentation of the software
Used in performing security analysis of the software
Used in the building fake software by breaking security and defaming the original software
Used for breaching the software license agreement
Used for monetary advantage such as selling the source code of the software and pirated versions of the software
Used for developing malware for the software code
Case Law Around Reverse Engineering
Sega Enterprises Ltd v Accolade, Inc, (October 1992) -
Sega Enterprises Ltd. (Plaintiff) and Accolade, Inc. (Defendant) made and marketed video game cartridges. In order to make its own games compatible with Sega’s console, Accolade reverse engineered Sega’s video game programs to discover the requirements for compatibility with the console. In order to do this, it first copied Plaintiff’s copyright code and then disassembled it to see how it worked. Defendant then created its own games for use with Plaintiff’s console, but did not copy Plaintiff’s programs or use any of its codes. Plaintiff sued for copyright infringement. The district court granted Plaintiff’s motion for a preliminary injunction to prevent Defendant from further disassembly of Plaintiff’s object codes. Defendant appealed.
Sony Computer Entertainment, Inc. v. Connectix Corp. (June 2000)
Plaintiff Sony Computer Entertainment, Inc. produced and marketed the Sony PlayStation video game console. Sony owned the copyright to BIOS, the software program that operated the PlayStation. Defendant Connectix Corporation made and sold a software program called “Virtual Game Station.” The purpose of the Virtual Game Station was to emulate on a regular computer the functioning of the Sony PlayStation console, so that computer owners who buy the Virtual Game Station software can play Sony PlayStation games on their computers. In order to create the Virtual Game Station, Connectix “reverse engineered” Sony’s BIOS program. As part of the reverse engineering process, Connectix made several intermediate copies of the BIOS program and hence Sony sued Connectix for copyright infringement.
The district court concluded that Sony was likely to succeed on its infringement claim because Connectix’s “intermediate copying” was not a protected fair use. The court also adjured Connectix from selling the Virtual Game Station and copying or using Sony’s BIOS program in the development of other Virtual Game Station products.
SAS Institute, Inc. v. World Programming Ltd. (October 2017)
In this case, the parties disputed whether the defendant infringed a software license by accessing the software’s source code. The Fourth Circuit held that the license’s definition of reverse engineering was unambiguous and favored the plaintiff’s broader interpretation, which expanded the purview of impermissible conduct to defendant’s decompiling and reverse engineering of plaintiff’s business analytics software. The Court also rejected defendant’s attempt to introduce extrinsic evidence showing the ambiguity of the anti-reverse engineering provision, on grounds that defendant’s evidence showed only that the software could be reverse engineered by defendant’s method, not that this type of reverse engineering was the exclusive method.
Accordingly, the Court affirmed the district court’s ruling of summary judgment in Plaintiff’s favor. The Fourth Circuit also observed that Defendant did not point to, nor had the Court discovered, any technical dictionaries revealing a more restrictive definition in the software context.
Source code review is a labor-intensive process that requires an expert to be physically present at the producing party’s or their opposing counsel’s offices – which creates a challenge. Copperpod provides IP consulting services such as Source Code Review, Infringement Claim Charts, Prior Art Search, Reverse Engineering and advises clients on patentability to give a clear picture of the state of the art to navigate away from the potential prior art and monetize IP assets.