13

I saw this question Does requiring users to accept the GPL before using GPL-licensed software violate the GPL? That states that the GPL license does not apply any restrictions on the user. If that is the case what is there to stop a user from reverse engineering a GPL program and using the reverse engineered code in a non GPL license program?

John Doe
  • 141
  • 1
  • 4
  • 4
    I know you've already accepted the answer here, but I wanted to notify you that I've edited my answer to consider two very different meanings of "reverse engineering" with very different outcomes under copyright law. It's not clear to me which case you meant in your question, so I wanted to let know my answer is now worth a re-read. – apsillers May 18 '23 at 11:43
  • 4
    Wow. Folks' brains are really fried by the extralegal and heinous stuff written in "EULAs" to the point of expecting it, thinking it's normal, and expecting a free software license would even want to do the same. Of course there is nothing to stop you from reverse engineering. There never is. You have the freedom to study something you lawfully possess and come to understand how it works. Anyone whose values align with free software wants you to have that freedom and wants you to know you have that freedom. They don't want to delude you into thinking you have to surrender it. – R.. GitHub STOP HELPING ICE May 19 '23 at 19:54
  • @R..GitHubSTOPHELPINGICE with respect, the question isn't "may I reverse-engineer a GPL program", it's "if I reverse-engineer a GPL program, what conditions if any does the GPL place on me". The freedoms of free software are great, but they don't come without consequences. – MadHatter May 20 '23 at 06:04
  • Does the GPL allow you to reverse-engineer the code? Yes. Does the GPL allow you to use the code (no matter how you got it) in a non-GPL program? No. Well, technically you could "use" the code in non-GPL program, but you could not legally distribute the resulting program without providing the full program source code, since that's a GPL requirement. – Brandin May 23 '23 at 07:17

2 Answers2

33

First, note that the Q&A you link says the "GPL does not place any obligations on the user of" some software. This speaks particularly about a "user" in contrast to a "distributor" or "modifier" of a piece of a software: a "user" merely executes the software as received by some upstream distributor.

Second, you are free to reverse engineer a GPL-licensed binary, though if the distributor did things properly, you should also have the source available, so reverse engineering would get you the same or worse results from what you're already free to do.

  • If you mean "reverse engineering" in the sense of a clean-room reimplementation:

    This will allow you to write code not covered by the GPL, because clean-room design avoids creating a derivative work under copyright law. This is because the author in the clean-room process works strictly from a behavioral specification (which is a procedure, not covered by copyright) constructed by others. People have been performing clean-room reimplementation for decades to produce new, identically-behaving code that isn't based on the material of the original work.

    Note that a legally rigorous defense around clean-room design is difficult to construct practically. You must adhere strictly to a separation of behavior and expression, and you must document your methodology and specifications thoroughly enough to satisfy a court that the author of the new work had no exposure to the existing work.

  • If you mean "reverse engineering" in the sense of running the binary through a decompiler:

    If you believe that reverse engineering a GPL'd binary without looking the source will exempt you from a copyleft obligation to share your changes under the GPL, this is not so. Your reverse engineered source code is still a derivative under copyright law (just as, e.g., a machine translation of a human-language novel would be) so GPL requirements apply to distribution of the derivative work, whenever you choose to distribute it.

apsillers
  • 35,995
  • 4
  • 94
  • 131
  • 17
    To clarify your last paragraph a bit, reverse engineering in the sense of a clean room design could be used (at a significant labor cost) to "get around" the GPL, since it results in an independent non-derivative reimplementation of the original program's functionality. "Reverse engineering" in the sense of just running an executable binary file through a decompiler, however, definitely produces a derivative work that is still bound by the original program's license terms. (And yes, there's also a broad gray area between these two extremes.) – Ilmari Karonen May 18 '23 at 07:16
  • 3
    @IlmariKaronen Ah, thank you! Those are two very different actions under the umbrella of "reverse engineering" and deserve to be considered separately. I edited my answer to consider both. – apsillers May 18 '23 at 11:40
  • So the person has to basically rewrite all the code for it to no longer be under the GPL license? How much code? if I copy an if statement is that enough for my code to be part of GPL? How much do I have to copy to be in violation of the license? Unless there is a hard line it's impossible to say that you CAN reimplemented it without violating the license. Otherwise anyone can highlight some similar code and say 'this came from our repository, see it's like 60% the same, just with different variable names and some other slight changes to make it look different' – TheEvilMetal May 18 '23 at 12:42
  • The only thing I'd personally consider fine is if they looked at the functionality from the user perspective, then recreated that experience from scratch. They still had to figure out a lot to get the functionality to work. Not just copy a method and fiddle a bit till it looks different enough. Fiddling does not mean you can steal peoples work without credit – TheEvilMetal May 18 '23 at 12:45
  • 2
    @TheEvilMetal: Whether a work is derivative of another is controlled by copyright law, not by the GPL. – A. I. Breveleri May 18 '23 at 12:55
  • My main point is that unless you are writing it from scratch you are always at risk of becoming part of a lawsuit. Some amount of copying might be fine, but some other amount is not. How likely is it that this 'reimplementation' results in a lawsuit? It immediately gets more expensive if they have any evidence of you copying code in this reimplementation. – TheEvilMetal May 18 '23 at 13:00
  • 6
    @TheEvilMetal Agreed, that's what I mean by "the author... works strictly from a behavioral specification". Indeed the burden of proof that you've done so (and the subjective determination that the behavioral spec sufficiently abstracts away copyrightable expression) do make clean-room reimplementation a legally onerous prospect. – apsillers May 18 '23 at 14:27
  • @TheEvilMetal It is not a matter of how much code. It is a matter of "original" code. If you used your eyes to read some code and your fingers to type it into another editor that is not original code. It is still copying the old code. In theory you can understand what the old code does and write new code that does the same thing. In practice a GPL author who wants to sue you only have to prove to the courts that the code look similar for the courts to agree it's a copy... – slebetman May 19 '23 at 13:07
  • 3
    @TheEvilMetal ... Companies making clean-room implementation manage to convince the courts that their code are not copies by proving that the employees who write the new code have never seen the old code. How they do it is hire a different group of employees to read the old code but are not allowed to write code. They write specifications for the code writers (who have never seen the old code) to implement. – slebetman May 19 '23 at 13:09
  • I think you misrepresent what "GPL does not place any obligations on the user" means. The point is that all of the rights you have pre-GPL, you still have post-GPL. With no license, you have fair use rights, etc; with the GPL, you have all of those rights and also the right to use the software under the GPL's terms. This is true of everybody, including those who make and distribute derivative works (which I'd argue is a "use"). In contrast, some software makes you, say, click a button waiving your right to reverse-engineer it if you'd otherwise have that right in your jurisdiction. – benrg May 20 '23 at 22:29
  • @benrg I appreciate what you're saying re: the GPL strictly expanding the rights you have, but in the context of the FAQ item quoted on that other question, the FSF itself chooses the language, "You are not required to agree to anything to merely use software which is licensed under the GPL. You only have obligations if you modify or distribute the software." It seems clear to me that "use"/"user" here means private execution, versus other rights. That said, I don't think I fully understand what your argument is yet, so my point might not actually be in communication with your larger argument. – apsillers May 20 '23 at 22:37
5

What mainly prevents users from-reverse engineering GPLed programs is that they have the source code, so they can just read that instead of reverse-engineering. :)

Whether you read the source code, or reverse engineer machine code, and then produce a copy of that code, that copying activity is not a form of use of the program. It may be deemed to be reproduction: you're copying something from the program.

If you're copying something from either the source or compiled form of a GPLed program, you're making a derived work which is still licensed under the GPL. If you redistribute it without reproducing the copyright notice, and obeying all the redistribution rules, it is infringing.

The compiled code is a derived work of the source code, and is itself copyrighted and under the same GPL. You cannot evade copyright by working with binary code.

Being free to use a GPLed program in any manner doesn't amount to being able to redistribute it, or any portion of it, under a different license and authorship.

Kaz
  • 544
  • 3
  • 10
  • "Reverse engineering" in the question most likely refers to a clean room design, not to disassembling/decompiling the binary. – benrg May 20 '23 at 22:31
  • 2
    @benrg "Using the reverse engineered code in a non GPL license program" almost certainly does not refer to clean room design. Clean room design requires someone to reverse engineer the logic, produce a detail requirements specification and then someone else who has never seen the code to implement the specification. – Kaz May 21 '23 at 00:54