Hacker News

userbinator, today at 5:05 AM

As someone who has done RE for decades, I feel like I've been seeing a lot of new decompilation projects recently, but even before the rise of AI. Possibly correlated with the release of Ghidra? Either way, it's great to see and perhaps a sign of a greater trend.

Controversial opinion: I think the FOSS movement was a setback and distraction from attaining software freedom as well as giving an undeserved negative reputation to "reverse-engineering" in some areas. RMS had the right idea, but missed the mark when it came to practical application by focusing far too much on "source code". Other industries have long been making third-party parts by merely inspecting existing ones with measuring tools, and let's not forget the whole discipline of scientific research is largely what amounts to "reverse-engineering" the natural world. You don't need the original source code if you have good decompilers, and now LLMs to assist.

Decompiling a binary, finding what you need to change, and then patching precisely that piece, seems like a far more liberating process than getting the source code, figuring out how to build it in its entirety, and possibly changing more than only the piece you wanted to. Many years ago, I remember coming across a few Java utilities that were public-domain but not open-source, and the author explicitly told users that they were to use a Java decompiler to decompile, edit, and recompile if they wanted to make any changes.


Replies

NeutralCrane, today at 1:41 PM

My personal opinion is that the very concept of IP misses the mark. “Property” requires scarcity. If I use something, it means someone else can’t use that thing. When I use a house for living, others are unable to do so. When I consume food or water, other people can’t do so.

Ideas aren’t scarce. Someone who reads a book, or looks at a picture, or makes use of a copy of software is not preventing other people from doing so. The idea that an idea can be restricted or given exclusive use to one particular party for any amount of time by law is dystopic.

basilikum, today at 5:34 AM

RMS is explicitly about FOSS and not just open source (in the sense of source available).

> You don't need the original source code if you have good decompilers, and now LLMs to assist.

Yes, you do. Decompiling and modifying a binary can be illegal itself under the DMCA in certain circumstances. But even if it is not, distributing the decompiled source is against copyright.

> Java utilities that were public-domain but not open-source

AFAIK Java is specifically easy to decompile when it is not further obfuscated. That is not true for many other languages. And while you can technically reverse engineer any language, it does make modifying software and even finding out what it does fundamentally more difficult.

> far more liberating process than getting the source code, figuring out how to build it in its entirety, and possibly changing more than only the piece you wanted to.

It's certainly more liberating because there are more restrictions you have to liberate from in the first place. RMS argues that these restrictions should not exist in the first place. As for building being difficult, no free license requires the author to use a good and easy build procedure, but the GPL requires them to provide you all the tools required to build the software unless they are already readily available: "The “Corresponding Source” for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities."

dolmen, today at 7:17 AM

Decompilation allows forking, but scaling the fork and making it maintainable over a long time scale is a technical challenge.

The FSF succeeded at changing the mindset towards more collaboration.

I agree that this also allowed efforts to be diverted from research on reverse engineering tooling by reducing the need.

But AI is a game changer for reverse engineering, so no secrets will be hidden in binaries.

In a way, this is a merge of an alternate branch of history where RE would be more powerful.