It is amazing, and rather disconcerting, to realize how much software we run without knowing for sure what it does. We buy software off the shelf in shrink wrapped packages. We run setup utilities that install numerous files, change system settings, delete or disable older versions and superseded utilities, and modify critical registry files. Every time we access a Web site, we may invoke or interact with dozens of programs and code segments that are necessary to give us the intended look, feel, and behavior. We purchase CD's with hundreds of games and utilities or download them as shareware. We exchange useful programs with colleagues and friends when we have tried only a fraction of each program’s features.
Then, we download updates and install patches, trusting that the vendors are sure that the changes are correct and complete. We blindly hope that the latest change to each program keeps it compatible with all of the rest of the programs on our system. We rely on much software that we do not understand and do not know very well at all.
Many people fear hackers because they have been instilled with a negative view from the press, however, you owe many advancements made in computer software and hardware to hacking.
Hacker is a term used to describe different types of computer experts, who employ a tactical, rather than strategic, approach to computer programming, administration, or security. In computer programming, hacker means a programmer who hacks or reaches a goal by employing a series of small changes or additions to extend existing code and/or resources. In technical fields outside of computing, hacker is sometimes extended to mean an expert who has particularly detailed knowledge and uses this knowledge to cleverly circumvent limits to reach solutions.
Hacker means different things to some people.
To the popular press: means someone who breaks into computers
Among programmers: it means a good programmer
But the two meanings are connected. To programmers, "hacker" connotes mastery in the most literal sense. A hacker is someone who can make a computer do what he wants - whether the computer wants to or not.
To add to the confusion, the noun "hack" also has two senses. It can be either a compliment or an insult. It's called a hack when you do something in an ugly way. But when you do something so clever that you somehow beat the system, that's also called a hack. The word is used more often in the former than the latter sense, probably because ugly solutions are more common than brilliant ones.
Notice the definition given for the word "hack" according to the
Encarta Dictionary for a good example of the two tenses to this word.
computer enthusiast: somebody who is interested or skilled in computer technology and programming
amateur player: somebody who enjoys a sport but lacks skill in it
Believe it or not, the two senses of "hack" are also connected. Ugly and imaginative solutions have something in common: they both break the rules. And there is a gradual continuum between rule breaking that's merely ugly (using duct tape to attach something to your bike) and rule breaking that is brilliantly imaginative (discarding Euclidean space).
As a hacker myself, I have often been criticized for the stand I take on computer technology, and when people get over their shock usually ask me, “How can you possibly condone hacking and reverse engineering?”
These questions are usually prompted by a limited understanding of hacking, and the fact that the negative connotation of both fields is frequently touted in the press.
To many people, the idea of hacking may conjure up stylized images of electronic vandalism, espionage, dyed hair, and body piercings. Most people associate hacking with breaking the law, therefore dubbing all those who engage in hacking activities to be criminals. Granted, there are people out there who use hacking techniques to break the law, but hacking isn't really about that. In fact, hacking is more about following the law than breaking it.
The essence of hacking is finding unintended or overlooked uses for the laws and properties of a given situation and then applying them in new and inventive ways to solve a problem.
Hacking is a tool... much like a stethoscope is a tool. A stethoscope could be used by a burglar to listen to the lock mechanism of a safe as the tumblers fall in place. But the same stethoscope could be used by your family doctor to detect breathing or heart problems. Or, it could be used by a computer technician to listen closely to the operating sounds of a sealed disk drive to diagnose a problem without exposing the drive to potentially-damaging dust and pollen. The tool is not inherently good or bad. The issue is the use to which the tool is put. It is much the same with hacking; it is not inherently good or evil unless it is used to good or evil purposes.
It says a great deal about our work that we use the same word for a brilliant or a horribly cheesy solution. When we cook one up we're not always 100% sure which kind it is. But as long as it has the right sort of wrongness, that's a promising sign. It's odd that people think of programming as precise and methodical. Computers are precise and methodical. Hacking is something you do with a gleeful laugh.
Reverse engineering is a process where an engineered artifact (be it a car, jet engine, or software program) is deconstructed in a way that reveals its innermost details, such as its design and architecture.
In the software world reverse engineering boils down to taking an existing program for which source-code or proper documentation is not available and attempting to recover details regarding its’ design and implementation.
Hacking and reverse engineering is particularly useful in modern software analysis for a wide variety of purposes:
Finding malicious code: Many virus and malware detection techniques use reverse engineering to understand how abhorrent code is structured and functions.
Discovering unexpected flaws and faults: Even the most well-designed system can have holes that result from the nature of our “forward engineering” development techniques. Reverse engineering can help identify flaws and faults before they become mission-critical software failures.
Finding the use of others' code: In supporting the cognizant use of intellectual property, it is important to understand where protected code or techniques are used in applications. Reverse engineering techniques can be used to detect the presence or absence of software elements of concern.
Finding the use of shareware and open source code where it was not intended to be used: In the opposite of the infringing code concern, if a product is intended for security or proprietary use, the presence of publicly available code can be of concern. Reverse engineering enables the detection of code replication issues.
Learning from others' products of a different domain or purpose: Reverse engineering techniques can enable the study of advanced software approaches and allow new students to explore the products of masters. This can be a very useful way to learn and to build on a growing body of code knowledge. Many Web sites have been built by seeing what other Web sites have done. Many Web developers learned HTML and Web programming techniques by viewing the source of other sites.
Discovering features or opportunities that the original developers did not realize. Code complexity can foster new innovation. Existing techniques can be reused in new contexts. Reverse engineering can lead to new discoveries about software and new opportunities for innovation.
It is by poking about inside current technology that hackers get ideas for the next generation.
"No thanks", some may say, "outside help is not needed."
But they're wrong. The next generation of computer technology has often - perhaps more often than not - been developed by outsiders.
In 1977 there was no doubt some group within IBM developing what they expected to be the next generation of business computer. They were mistaken. The next generation of business computer was being developed on entirely different lines by two long-haired guys called Steve in a garage in Los Altos. At about the same time, the powers that be were cooperating to develop the official next generation operating system, Multics. But two guys who thought Multics excessively complex went off and wrote their own. They gave it a name that was a joking reference to Multics: Unix.
And it was the simpler Unix that led the computer revolution, not Multics.
But what hackers fear the most is today becoming a reality! The latest intellectual property laws impose unprecedented restrictions on the sort of poking around that leads to new ideas. In the past, a competitor might use patents to prevent you from selling a copy of something they made, but they couldn't prevent you from taking one apart to see how it worked. The latest laws make this a crime. How are we to develop new technology if we can't study current technology to figure out how to improve it?
Data is by definition easy to copy. And the Internet makes copies easy to distribute. So it is no wonder companies are afraid. But, as so often happens, fear has clouded their judgment. The government has responded with draconian laws to protect intellectual property. They probably mean well. But they may not realize that such laws will do more harm than good.
Breaking the rules should NOT be something that also breaks the law. What hackers fear most is that the government will discover too late that the very laws that they made for their protection are what causes them to fall. Unlike high tax rates, governments can't repeal totalitarianism if it turns out to be a mistake.
This is why hackers worry. The government spying on people doesn't literally make programmers write worse code. It just leads eventually to a world in which bad ideas will win since there will be no one around to hack into the program and make it better. And because this is so important to hackers, they're especially sensitive to it.
A good example of one law which scares me is the law regarding computer use in New South Wales, Australia.
Section 310 of the Crimes Act 1900 states that:
"A person who intentionally (a.) destroys, erases or alters data stored in or inserts data into a computer; or (b.) interferes with, or interrupts or obstructs the lawful use of a computer..." can be punished by severe prison sentences.
It might sound like a good law on the surface but look at it closer. Remember the description of most computer users at the beginning of this entry... is there any computer operation that doesn't "erase", "alter", "destroy", or "insert" data into a computer? No, there isn't!
And what exactly does it mean when it says "obstructs the lawful use of a computer?" Isn't the lawful use of a computer that computer users be allowed to "erase", "alter", "destroy", or "insert" data into a computer? Yes.
This law makes computer use simultaneously illegal and legal at the same time! By this law, anyone who uses a computer can be thrown in jail for up to 10 years, or completely pardoned! Interestingly, New South Wales is one of the most proactive states in the world in prosecuting computer-related crimes.
After I wrote this entry I did receive an answer to emails I sent to several Australian law firms. According to one email I recieved, "The NSW law prohibiting computer use is phrased that way since it can frequently be difficult to determine whether or not a person had malicious intent (which is a difficulty raised with the penal codes used in other Australian states). The way the law in NSW is phrased, what is prosecuted is not the intention but the computer use itself. The law in NSW is phrased to make any computer use illegal so as to give the government the greatest scope in prosecuting crimes of a computer nature, without having to worry about the intent behind the computer use."
What makes some of these totalitarianism laws so scary is that most hacking isn't about doing things illegal; it's about learning and expanding knowledge. This totalitarianism law of NSW actually threatens letting people expand their knowledge of computer by threatening to make ALL computer use illegal and prosecutable at the whim of whoever is in power at the time!!
The law may sound reasonable on the surface, and the explanation may sound like a laudable reason on the surface... but totalitarianism by its' very nature prohibits growth and learning.
I am a hacker. As such the owner and editor of this blog promises to always tout good (hacked, tested, reverse-engineered) ideas on this blog.
Keep hacking alive.
Keep good, tested ideas flowing.
Keep thinking outside the box.
Hacking and reverse-engineering should not be illegal when used to benefit others.
