Is extracting strings from an executable considered decompilation?
-
13-03-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian質問
I am attempting to parse all possible outputs of a proprietary piece of software (ELF binary) whose license explicitly forbids reverse-engineering, decompilation and disassembly.
So my question is: Could calling strings on the executable in question to list all embedded format-strings possibly be considered reverse-engineering, decompilation or disassembly?
I would doubt it, since strings is supposed to only scan the non-executable part of a binary, but wanted to ask anyways to be somewhat sure.
解決
This question is at the border line between legal matters and technical definitions.
From a technical point of view (in scope of this site):
- Extracting strings from an executable, is an ordinary operations related to reading files and filtering the output. But presenting the output or storing it means technically to copy the content of the file to another place
- Reading strings is not disassembly. Disassembly means to transform the binary codes into assembly code. The string alone, without any assembly directive is not assembly code.
- Reading strings is not decompilation. Decompilation is one step further than disassembly: it's transforming the binary codes into high level languages.
- With reverse-engineering it is more tricky: reading strings is in principle not reverse engineering: it's just reading data. Reverse engineering means to understand how the software works and what algorithms it uses, how it communicates iwith other components, and what data structure is used. Again, simply reading strings, which are human readable data, is not in itself an analysis of the data used by the software to understand how it works.
From a legal point of view (out of scope here):
Legally, it all becomes very slippery. Usually, judges will appoint technical experts ("expert witness") to explain to non-technical folks the technical matters. But the technicical matters will then be interpreted by the lawyers. In the end, the meaning will be what a lawyer may convince the judges - who have no technical background - it is:
- For instance, if in the strings you find out database connection strings, or if you try to interpret the strings, i.e. understand if there are any embedded commands, you have already one foot in reverse engineering, since a lawyer could easily demonstrate that you reading the string is for understanding how it works.
- if you try to find out account names and passwords in the strings, it will be difficult to argue that you're not doing reverse engineering to circumvent security measures.
- Some lawyers could even argue that trying to recognize the encoding of strings, is already an act of reverse-engineering. Fellow engineers might smile. Jurors might truly and in good faith believe it.
- Moreover, the legal definitions changes depending on your jurisdiction.
Conclusion
In short, I am not a lawyer. For legal advice, consult a lawyer or a qualified legal advisor in your jusrisdiction.
Despite that from a technical point of view we consider that reading strings is not disassembly, not decompilation and not reverse engineering, there is a risk that in your jurisdiction, depending on the judge and the way your action is presented, and also depending on the real intent of your action, it might be qualified as an infringement of copyright, since in the end you do some kind of copy which might not be explicitly allowed.
Conversely, other lawyers may analyse the technical matters as being an exception to the general rule. For instance, in some countries, decompilation cannot be forbidden if it is for the sole purpose of interoperability.
他のヒント
It's not decompilation nor disassembly, maybe borders on reverse-engineering but who am I to interpret lawyer-speak?
Your argument that strings is harmless is probably invalid as strings does not necessarily limit itself to non-executable portions of the binary, this is a configuration option which can be overridden using command line options.
Anyway, since you probably won't do this in a public place with many people watching, what are the consequences you must fear, apart from your conscience conflict?
