Please crack this software
-
I was recently asked by a company to "crack" the licencing module for a popular laundry management system written in .net. Now, my first response was to decline and challenge the request to get permission from the owners of the software to do so (the request came bundled with some long fandangled justification and legitimate business reasons) Anyhow, the challenge worked and it was, in fact, a request to do something illegal. I declined. However... thinking on it some more, is simply declining enough? This company will probably just approach some other programmer and learn to disguise the request more carefully... Do i have an ethical/legal obligation/responsibility to report this matter to: a) the authorities b) the software owners c) other ? Somehow keeping quiet about it just feels weird (you know, evil reigns 'cos good men do nothing- that sort of thing). This is a first for me, so while i reason this one out, it'd be good to get a feel for what the programmer society reasons... I know, i'd feel pretty :mad: if someone started stealing my salary.
<>< :: have the courage to use your own reason
I work for a company that manufactures security devices, and part of my job is to crack, or attempt to crack, theoretically secure solutions. No one who values employment and liberty will touch one of these projects without a get-out-of-jail-free letter. A letter on company stationary with the signature of a director-level person from the company who owns the software or LAN. If, and only if, the solution does not touch the Internet, nor does it touch anyone else's LAN, nor am I under contractual obligation not to reverse engineer, then I might talk about it without a letter. Of course, Black Hat would be pretty boring if people weren't in fact running up stand alone systems and trying things out, or doing it for real with notification and permission.
BiometricMan
-
i guess it is arguable wether asking someone to do something illegal is actually "ok" afterall, no harm done.... yet. sheesh... you really get asked to do this kind of thing often?
<>< :: have the courage to use your own reason
I don't know if cracking software is illegal. I mean just breaking the installation key isn't using the program without paying for it. You'd have to install it after you crack it IMHO for a crime to have been committed. Even then I'm not sure if it is criminal or just civil. I think it would be civil violation and the copyright owner would have to sue for damages (the cops wouldn't care). There isn't any physical property to return to the rightful owner, etc, etc, it is just financial damages which the courts would have to decide.
-
I was recently asked by a company to "crack" the licencing module for a popular laundry management system written in .net. Now, my first response was to decline and challenge the request to get permission from the owners of the software to do so (the request came bundled with some long fandangled justification and legitimate business reasons) Anyhow, the challenge worked and it was, in fact, a request to do something illegal. I declined. However... thinking on it some more, is simply declining enough? This company will probably just approach some other programmer and learn to disguise the request more carefully... Do i have an ethical/legal obligation/responsibility to report this matter to: a) the authorities b) the software owners c) other ? Somehow keeping quiet about it just feels weird (you know, evil reigns 'cos good men do nothing- that sort of thing). This is a first for me, so while i reason this one out, it'd be good to get a feel for what the programmer society reasons... I know, i'd feel pretty :mad: if someone started stealing my salary.
<>< :: have the courage to use your own reason
Anything done overtly will get you fired. Are you ready to stand up against evil? or just pay lip service. This could be a test by the company of your morality and values. Only you will know whether its just a test. Right now I assume you believe this wasn't a test. Since you are continuing to read this, it wasn't a test. If you are ready to be a white knight, then you'll lose your job. 1) Document what happened during that event, who was there, anyone who "may" have heard what was asked. The date and time. Etc... 2) If it wasn't your direct supervisor, then tell your direct supervisor. 3) Document that meeting. 4) Contact someone in senior management, preferably the CEO. Tell him and provide documentation to him. 5) Document that meeting. 6) Contact the FBI and ask for direction. They will help direct you to the proper agency. 7) Document that conversation. As the boulder rolls down the hill (i.e. word is spreading amongst senior management) you are looking for a new job. Eventually you will be crushed by the boulder and fired. Maybe the CP people can help you find a new job where personal values mean something.
-
I was recently asked by a company to "crack" the licencing module for a popular laundry management system written in .net. Now, my first response was to decline and challenge the request to get permission from the owners of the software to do so (the request came bundled with some long fandangled justification and legitimate business reasons) Anyhow, the challenge worked and it was, in fact, a request to do something illegal. I declined. However... thinking on it some more, is simply declining enough? This company will probably just approach some other programmer and learn to disguise the request more carefully... Do i have an ethical/legal obligation/responsibility to report this matter to: a) the authorities b) the software owners c) other ? Somehow keeping quiet about it just feels weird (you know, evil reigns 'cos good men do nothing- that sort of thing). This is a first for me, so while i reason this one out, it'd be good to get a feel for what the programmer society reasons... I know, i'd feel pretty :mad: if someone started stealing my salary.
<>< :: have the courage to use your own reason
You have no legal obligation to report the incident. Moreover, under US copyright law, there are certain types of copying that is legal. For example, copying for reverse engineering purposes is allowed. However, what you may legally do with the software after you have copied it is circumscribed under the Copyright code. My point is, that the solicitation to copy or "break" certain copyright security software codes is not, necessarily, an infringement of a copyright owners rights.
-
As a software developer myself am concerned over the piracy issue. Crackers use all sort of techniques and many are successful on the crack. Their intentions are not profit but challenge and fun, that is why they distribute the cracked software for free. The fact is that they assure they are converting the product into a time unrestricted trial version. On the other side of the coin, this is proven to lead to sales from the developer company, many of which are in constant upgrading to new features, so the cracked software becomes obsolete in some time frame. I can not remain blinded assuming that my software will not fall victim of piracy, and the best thing to do is to test it, just like Mercedes Benz crashes a beautiful sedan in the search of faults. Many software companies rely on protection schemes well known to crackers, and hence they are probably paying for false protection. Once I found a protection bug in a 3d software called MilkShape, which I am a paid customer. I documented the way on which the software could be cracked and sent it privately to the developer. He was very glad on what I did and he corrected the problem "Pronto". I didn't charge a cent, but am sure that kind of information has its price. Is like a doctor finding a virus and a way of destroying it. So, if you find a way to crack the software and proceed correctly, probably someone could be glad if you find a way on which you avoided his salary to get stolen. If you proceed in the wrong way, yes, you could be end up doing a bad thing. The result depends on the path you choose NEO, red pill or blue pill.
The crack in this case was easy to circumvent since i was provided with the unobsfucated .net assembly that did the licence checking. The idea in this case was to circumvent the logic that stopped the application 'cos of an expired licence. Basically, always return TRUE from the IsLicensed() call :doh: I suppose though, based on what you are saying is that letting the developer company know that "hey. your stuff is pretty easy to get around. try obsfucating (for one) or maybe productX?" interesting idea. tx
<>< :: have the courage to use your own reason
-
You have no legal obligation to report the incident. Moreover, under US copyright law, there are certain types of copying that is legal. For example, copying for reverse engineering purposes is allowed. However, what you may legally do with the software after you have copied it is circumscribed under the Copyright code. My point is, that the solicitation to copy or "break" certain copyright security software codes is not, necessarily, an infringement of a copyright owners rights.
-
I don't know if cracking software is illegal. I mean just breaking the installation key isn't using the program without paying for it. You'd have to install it after you crack it IMHO for a crime to have been committed. Even then I'm not sure if it is criminal or just civil. I think it would be civil violation and the copyright owner would have to sue for damages (the cops wouldn't care). There isn't any physical property to return to the rightful owner, etc, etc, it is just financial damages which the courts would have to decide.
in this case, it would be crack the licence so that the servers could continue running "as if" they are licenced for an extended period of time. allegedly, to give time to sort out a renewal of the licence without interrupting the server. my question is: why not just start the renewal process a little earlier than 30 minutes after somebody's logged a support call noticing that the server is not responding anymore :doh: :laugh:
<>< :: have the courage to use your own reason
-
homegrown wrote:
evil reigns 'cos good men do nothing
That's true.
homegrown wrote:
This is a first for me, so while i reason this one out, it'd be good to get a feel for what the programmer society reasons...
If you have evidence (emails, etc.) then blow the whistle by either informing the authorities or the supplier of the software. If you don't have evidence then there isn't much you can do. Either which way you might want to ready your CV or résumé in preparation to move on just in case. (Or you might just like to pre-emptively move on as you now know that the company culture does not match your own)
homegrown wrote:
I know, i'd feel pretty :mad: if someone started stealing my salary.
Absolutely. And I think that is exactly the correct way to look at it.
Upcoming FREE developer events: * Developer Day Scotland Recent blog posts: * Follow up on hiring a software developer * The Value of Smaller Methods My website | blog
-
You have no legal obligation to report the incident. Moreover, under US copyright law, there are certain types of copying that is legal. For example, copying for reverse engineering purposes is allowed. However, what you may legally do with the software after you have copied it is circumscribed under the Copyright code. My point is, that the solicitation to copy or "break" certain copyright security software codes is not, necessarily, an infringement of a copyright owners rights.
jvcsr1 wrote:
Moreover, under US copyright law, there are certain types of copying that is legal. For example, copying for reverse engineering purposes is allowed.
Yes under copyright law only. However software protected solely by copyright law in the US is rare. Especially that delivered as a binary. Agreements, licenses and contracts can all override that. http://www.ipinfoblog.com/archives/licensing-law-issues-contracts-trump-fair-use-and-reverse-engineering.html[^]
-
You definitely did the right thing by turning them down. To ask someone to do that on a professional level is far past any type of ethical boundaries I could possibly imagine. The moral arguments on piracy notwithstanding, the way this was requested of you kinda makes my stomach turn. Then when I see that others have been in similar situations, I just shudder. The idealist in me says that if piracy is going to happen, it should be tucked away in someone's cold, dark basement, away from the mainstream. It's a shame we don't live in that world. If you can't get any legal action against the requestor, I think he/she at least deserves a flaming bag of poop on the doorstep. :D I wish you luck. And for the record, I support your "crusade".
thanks for the support. to think the requestor is actually a value added reseller of the software system. when i asked him to get an "ok" from the makers of the software he declined saying that they would never allow it. but not to worry, we would be the only 2 people in the world who would ever know :wtf: like that makes a difference...
<>< :: have the courage to use your own reason
-
I have been asked to deface websites, hack bank websites, write viruses to infect opposition companies and variuos other shady activities, and the people asking these things of me have always been people with little or no money or respect for what us a programmers go through to build these systems, I have always declined but never thought of reporting these things as nothing actually came of any of these requests if you do let us know what happend, its funny to me that companies will rather break the law than fork out the cash for a system that is integral to the running of thier company. Find a new job my man with a company that is willing to pay for the work we as programmers do. I bet software is not the only thing they dont pay for.
GDMFSOB wrote:
its funny to me that companies will rather break the law than fork out the cash for a system that is integral to the running of thier company
that is odd. but so true. like who's bright idea is that? :-D hey, i need a delivery van to operate my delivery business, but don't really want to buy the car. mmm.. what to do? what to do? o, i know! i'll steal one! :) what kind of person thinks that way?
<>< :: have the courage to use your own reason
-
I do not now how the situation is in the US, but pirates are my heroes. I don't have the money to buy the software, nor i have time sometimes nor a credit card. Nor do i want it once i see how it works sometimes. So with all this together i love those guys that crack the software. They are my personal heroes. On the other hand, i've never written my own commercial software so i can't tell what i would think if i did. But i think, as with most things in life, you gotta balance the situation out: if the guys making the software already made a huge amount of money then crack it, otherwise don't and let them make their hard earned cash. In your case i don't think these guys made a lot of money so don't crack it. But at the same time don't report your company. BSA will just show-bust them. And maybe it was one guys idea or something. Balance it out. Fine balance. Hardcoded principles will get us nowhere. Imagine if no one cracked the video games :D How much happiness would be wasted in the world...:) I think knowledge should be free and open, after the guys that thought of it make a enough money! :) Don't report them...just explain to them that it's not cool stealing somebodies ideas and then stealing a part of the market from them with their ideas.
stupanic wrote:
.just explain to them that it's not cool stealing somebodies ideas and then stealing a part of the market from them with their ideas.
here's a question for you then.. if somebody positively knows that what they're asking you to do is not above aboard... and in this case they are very well aware of what they're requesting... what chance is there of actually listening to that explanation and taking it to heart?
<>< :: have the courage to use your own reason
-
What would you do if... The software company your organization is doing business with sells you software to install in hundreads of workstations, and the only way to activate the software on each of the workstation requires a cumbersome manual process done on each of those workstations (install and upgrade), that's right, no SMS possible. Negociations are made with the software company, suggestions are made in regards to usage control tools (licensing server and such), tight auditing, etc. but the software company won't budge. I have been a witness to such a behavior. The customer is currently abiding by the software company rule, but everybody involved with this given software company is really mad at them. Will the organization recommend that software company to other organizations around them ? I am not advocating cracking software, but, some behavior seen with some software companies could potentially set the ground to hiliting this choice as a means to releaving the software maintenance process in a large organization.
this particular case is pretty similar to what you're describing
nwfrog wrote:
a means to releaving the software maintenance process in a large organization
or at least, that is, is how it was pitched to me. the truth, i don't really know. essentially, they need a workaround to keep the servers running while they organise a renewal. my question is (as posted in another message somewhere in this thread)... why not just pre-empt the licence renewal before somebody logs a support call noticing that the server is not responding anymore :doh: and if the software really is so crappy that supporting it is an absolute nightmare... perhaps spend more productive effort re-evaluating your position, or just be prepared to work really hard for those big bucks :)
<>< :: have the courage to use your own reason
-
I was recently asked by a company to "crack" the licencing module for a popular laundry management system written in .net. Now, my first response was to decline and challenge the request to get permission from the owners of the software to do so (the request came bundled with some long fandangled justification and legitimate business reasons) Anyhow, the challenge worked and it was, in fact, a request to do something illegal. I declined. However... thinking on it some more, is simply declining enough? This company will probably just approach some other programmer and learn to disguise the request more carefully... Do i have an ethical/legal obligation/responsibility to report this matter to: a) the authorities b) the software owners c) other ? Somehow keeping quiet about it just feels weird (you know, evil reigns 'cos good men do nothing- that sort of thing). This is a first for me, so while i reason this one out, it'd be good to get a feel for what the programmer society reasons... I know, i'd feel pretty :mad: if someone started stealing my salary.
<>< :: have the courage to use your own reason
Naturally the most predominate factor in this is the legal jurisdictions that the activity occurs in (physically and perhaps legally.) The secondary factor is what specific agreements exist between the two business entities. For example there could be a contract between the two allowing code sharing and the specific request to reverse it comes about because the source company is having trouble actually producing the source. In the US, in general, I believe that all reverse engineering would be covered by civil rather than criminal statues. So there are no 'authorities' to report it to. Employement status is also a factor. At an employee as a minimum in such a situation I would ask for written instructions. That makes your superior and indirectly the company liable. If you note the same concern to your boss they themselves might seek written instructions as well. A contractor at a minimum would need to seek a bond/waiver to cover all potential legal costs. And myself I would make sure that the company had enough resources to actually cover such costs. If the company has a legal right to undertake this then they shouldn't have any problem agreeing to the above requirements. In terms of morality one must consider that one is in a business situation which does in fact make moral demands on one. For example if the company does have the legal right to reverse the code then you do not have the right to refuse even if you reject all such work as immoral. Your only choice then would be to quit and in the future have prospective companies explain to you in advance how they would approach such a situation. This is similar to insisting that a company must add to an open source product because they are using it even though there is no licensing demands that require that.
-
I work for a company that manufactures security devices, and part of my job is to crack, or attempt to crack, theoretically secure solutions. No one who values employment and liberty will touch one of these projects without a get-out-of-jail-free letter. A letter on company stationary with the signature of a director-level person from the company who owns the software or LAN. If, and only if, the solution does not touch the Internet, nor does it touch anyone else's LAN, nor am I under contractual obligation not to reverse engineer, then I might talk about it without a letter. Of course, Black Hat would be pretty boring if people weren't in fact running up stand alone systems and trying things out, or doing it for real with notification and permission.
BiometricMan
-
I was recently asked by a company to "crack" the licencing module for a popular laundry management system written in .net. Now, my first response was to decline and challenge the request to get permission from the owners of the software to do so (the request came bundled with some long fandangled justification and legitimate business reasons) Anyhow, the challenge worked and it was, in fact, a request to do something illegal. I declined. However... thinking on it some more, is simply declining enough? This company will probably just approach some other programmer and learn to disguise the request more carefully... Do i have an ethical/legal obligation/responsibility to report this matter to: a) the authorities b) the software owners c) other ? Somehow keeping quiet about it just feels weird (you know, evil reigns 'cos good men do nothing- that sort of thing). This is a first for me, so while i reason this one out, it'd be good to get a feel for what the programmer society reasons... I know, i'd feel pretty :mad: if someone started stealing my salary.
<>< :: have the courage to use your own reason
Perhaps the better solution would have been to offer to "clone" the software from scratch so the customer could own the rights. That would quickly smoke out thier core interests, i.e. stealing the application or having control of a critial business tool.
-
Perhaps the better solution would have been to offer to "clone" the software from scratch so the customer could own the rights. That would quickly smoke out thier core interests, i.e. stealing the application or having control of a critial business tool.
funny you mention that. they actually asked for a "clone" of the software first. their suggested route to business analysis and understanding the requirements..? you might have guessed it... disassemble the .net binaries :)
<>< :: have the courage to use your own reason
-
stupanic wrote:
.just explain to them that it's not cool stealing somebodies ideas and then stealing a part of the market from them with their ideas.
here's a question for you then.. if somebody positively knows that what they're asking you to do is not above aboard... and in this case they are very well aware of what they're requesting... what chance is there of actually listening to that explanation and taking it to heart?
<>< :: have the courage to use your own reason
-
funny you mention that. they actually asked for a "clone" of the software first. their suggested route to business analysis and understanding the requirements..? you might have guessed it... disassemble the .net binaries :)
<>< :: have the courage to use your own reason
I am not positive, but I think that using the original code to document functionality is a legitimate usage. Providing you then generated all new code to perform the same or similar functionality, you should not be in violation of the copyright. Having a firewall between the analysis and writing the new code (i.e. done by different people) would provide a more defensible legal position.
-
of course i downloaded songs way back when. but just 'cos everyone was doing it, didn't make it right. and that was years ago. i learned, understood better and since stopped. now i buy legal and it actually feels goooood. :D so it's a not a holier-than-thou crusade against pirates: it's more like: what's the most responsible thing to do, as a professional in the game, having being approached? i like the angle of actually taking the time to educate and talk to the dude who asked me; explaining exactly what he's asking me to do, the implications and consequences. and then encouraging him to solve the problem legally. reporting might be a last resort if it's blatant and deliberate piracy... but i also can't let the fact that i used to be a pirate stop me from promoting law-abiding behaviour either. what if this dude gets bust through another channel (out of ignorance) and loses his business because i didn't challenge his views on piracy today 'cos i was scared of being labelled hypocritical? and it's the same with drugs and all sorts of other anti-social behaviour.that used to be me... but does that i mean i can't tell kids to stay away at the risk of appearing hypocritical? i'd rather encourage behaviour that avoids jail sentences and massive fines, even if i managed to get away with it in the past. it's just not a good road to follow, is all. i think if i was still pirating MP3's, DVD's, software whatever and having issues with this guy.. then yes. i'd be a buffoon :)
<>< :: have the courage to use your own reason
homegrown wrote:
now i buy legal and it actually feels goooood.
Except to your wallet lol
homegrown wrote:
i like the angle of actually taking the time to educate and talk to the dude who asked me;
Well good on you. It wont be easy to try and tell they guy who asked you. When you were downloading songs and that, and someone tried to tell you it was bad... would have you listened? Im not trying to say dont do it, infact I think that first you should talk to him, and if he doesnt listen, and if you have the evidence, you should get the software company in on it.
"There are three sides to every story. Yours, mine and the truth" ~ unknown