From: bill@twwells.com (T. William Wells)
To: cypherpunks@toad.com
Message Hash: 9ba76f59340603b1bd63600dfd2240f1ce690a7ae1d5ac8ab66169c8205d9d4a
Message ID: <CCFvDw.4pL@twwells.com>
Reply To: <9308272102.AA17377@toad.com>
UTC Datetime: 1993-08-28 03:08:29 UTC
Raw Date: Fri, 27 Aug 93 20:08:29 PDT
From: bill@twwells.com (T. William Wells)
Date: Fri, 27 Aug 93 20:08:29 PDT
To: cypherpunks@toad.com
Subject: Re: .Comparing ViaCrypt and freeware.
In-Reply-To: <9308272102.AA17377@toad.com>
Message-ID: <CCFvDw.4pL@twwells.com>
MIME-Version: 1.0
Content-Type: text/plain
: > If you're worried about backdoors, reverse engineer it and verify
: > that it works as advertised. Given that the program has to largely
: > duplicate an existing set of source, this should be trivial.
:
: do you mean decompile it, or reverse engineer it based on the
Decompile.
: neither is "trivial" in my mind.
I have a program that (mostly) automatically turns 386 code into
ugly C code. It's not maintainable but, for the purpose of
determining that the commercial product is essentially the same
as the version that you have source to, that's not necessary. You
compile the two versions, decompile them, diff the results,
pattern match to eliminate the artifactual differences, re-diff
and then examine the diff with the proverbial fine-tooth comb.
This would make it quite easy to determine what the commercial
code is actually doing, with a minimum of work. And remember: it
only has to be done once per version.
(No, before anyone asks, the decompiler isn't available. It's not
documented. It's hackery. And the code is gross. You'd be much
better off writing your own; it isn't hard.)
Return to August 1993
Return to “peter honeyman <honey@citi.umich.edu>”