Let’s first discuss what decompilers are? : A computer program which attempts to create a high level source file by taking an executable file as input so that it can be recompiled successfully is known as a decompiler. In simple words, a decompiler is the opposite of a compiler which takes a source file and makes it an executable file. The purpose of a decompiler is to get the source back from the binary so we can also call it an anti-compiler. Though decompilers are an important tool in the reverse engineering of computer software; many times they are unable to perfectly reconstruct the original source code.
Decompilers myth or fact ?
Is there such a thing as “Perfect Decompiler”?
Decompilation can be categorized in two categories, the first being when the source code retrieval is needed and the second category being when the complete original source code recovery is not needed but the goal is to understand parts of the source code or the whole in a high level language such as C. As the compiler removes information when it does its work so it is understood that for binary decompilation complete source recovery is impossible.
Also, there are some languages where complete decompilation and source code recovery is possible. For example, in PL/SQL language it can be done via the wrapped file as this was one of the intended design features of DIANA.
The Sun compiler also includes a decompiler in its suite and free tools like Jad are available.
Binary decompilation is much harder as for the start the original high level language like C, C++, compiled VB, even Assembler may not be known. But there are few reasonably successful tools written over the past years, some of them are REC, DCC and recently the open source Boomerang.
Other than these some of the best Java decompilers available are: JD Project, Procyon, Cavaj Java Decompiler, DJ Java Decompiler, JBVD, etc.
Why use decompilation?
Decompilers are used for a number of reasons, some of the applications of it are as follows:
- Debugging of programs can be done by using decompilers.
- It can migrate applications to a new hardware platform.
- It can provide interoperability to facilitate migration of a program across platforms.
- By the help of the decompilers, we can determine the existence of viruses or malicious code in the program.
- Decompilation provides antivirus capability so by the help of it we can find vulnerabilities in the given program.
- Recovery of lost source code is one the most important applications of decompilation as it helps in maintaining code if it is lost by accident or via a disgruntled employee.
So now the question that arises here is:
Are they legal or a theft ?
Not all uses of decompilers are legal uses.
Before we talk about the legal uses of decompilers, we need to know about the copyright law which protects computer programs throughout the world. Copyright law protects the developer’s (or company’s) intellectual property by protecting the expression of an idea in the form of a program. It provides the rights to reproduce and make adaptations to the developed computer program to the software developer, among others, which means it provides a number of exclusive rights accordingly to protect the program. Also, it is considered a breach of copyright if some unauthorized user makes reproductions and adaptations without permission of the copyright holder. In some cases, license agreements also bind the user to operate the program in a certain way and to avoid using decompilation or disassembly techniques on that program.
Talking further about the copyright owner’s rights, different countries have different exceptions so precedent has been established in court proceedings which means that some uses are allowed by law. Some of the most common ones are listed below:
- For the purposes of interoperability (to another piece of software or hardware) decompilation/disassembly is allowed where the interface specification has not been made available.
- When the owner of the copyright is not available to make the correction if any, decompilation/disassembly is allowed for the purposes of error correction.
- One can determine the parts of the program without breach of other forms of protection (e.g. patents or trade secrets) only when those parts are not protected by copyright (e.g. algorithms).
In addition to this, one must know that these laws differ from country to country.
Conclusion:
Well talking about the ethnicity of decompilers, I don’t think decompiling a program to see how it works should be considered unethical. Besides reverse-engineering is clearly not theft as ‘theft’ is ‘breach of property’ law and this at worst can be called ‘breach of contract’.
Software is something that comes as a result of investment of time. It may contain some nifty techniques but I don’t agree to the fact that it will damage the value of the product, if those techniques are publicly known.
Also, for 99% of the code there, the efforts needed to decompile the code and then understand it are much more than writing the code in its first place.
As long as developers use knowledge gained from decompilation to learn the underlying techniques and not do a cut-paste job and use it into their own codes, I don’t think they are doing anything unethical.
Plus as far as one obeys the country laws, decompiling would remain ethical.
References:
Papers:
L. Ďurfina, J. Křoustek and P. Zemek, “PsybOt malware: A step-by-step decompilation case study,” 2013 20th Working Conference on Reverse Engineering (WCRE), Koblenz, 2013, pp. 449–456, doi: 10.1109/WCRE.2013.6671321.
Eric Schulte, Jason Ruchti, Matt Noonan, David Ciarletta, Alexey Loginov GrammaTech. “Evolving Exact Decompilation”.
M Van Emmerik, T. Waddington. “Using a Decompiler for Real-World Source Recovery”, doi: 10.1109/WCRE.2004.42, Reverse Engineering, 2004. Proceedings.
M. Shudrak and V. Zolotarev, “The New Technique of Decompilation and Its Application in Information Security,” 2012 Sixth UKSim/AMSS European Symposium on Computer Modeling and Simulation, Valetta, 2012, pp. 115–120, doi: 10.1109/EMS.2012.20.
Other Links:
https://en.wikipedia.org/wiki/Decompiler
https://www.debugmode.com/dcompile/
https://fishbowl.pastiche.org/2003/09/04/reverse_engineering_is_not_theft
