zlacker

The takedown request is based on

> MNAO analyzed some of the code and determined that the code provides functionality same as what is currently in Apple App Store and Google Play App Store.

Is this really legal? Because in my mind, providing the same functionality does not violate copyright, since the actual intellectual material is new. And I don't think Mazda has a patent on the ability to control your vehicle over an API.

>>sp1rit+(OP)
Most likely this would not stand up in court, given a proficient legal team. I imagine that the hobbyist developer had neither the money nor the inclination to mount a legal defence against a multi-billion dollar company though.

>>sp1rit+(OP)
If they just provide the same functionality, no. Mazda should lose this under Google v. Oracle. However, reverse engineering is dangerous. They surely read the copyrighted decompiled code. The test is whether the expressive elements of bdr99's implementation are substantially similar.

>>mminer+k2
> They surely read the copyrighted decompiled code

Do they? When it comes to reverse-engineering mobile app APIs, the usual strategy is to observe the network because it's so much easier than making sense of the disassembled binary.

Even if you can decompile, you'd generally use it as an aid to understand the network captures rather than using it as your primary source.

>>mminer+k2
This might be the case, but how could Mazda even prove this? Unless they communicate in some weird proprietary binary protocol I could imagine that the API (especially if it's just some JSON/XML REST stuff) can be reverse engineered by MitM traffic analysis.

>>Nextgr+Z3
This is what I would usually do as well, self-MiTM and analyze the traffic, reverse engineer from there.

>>mminer+k2
I've reverse engineered many an API, and I've never done it by decompiling the executable. Also, what's illegal about decompiling an executable?

>>darkr+22
Even view-source is considered "hacking" and you might easily end up in jail if some dumb judge/prosecutor decides so.

https://www.theregister.com/2022/02/15/missouri_html_hacking...

>>stavro+q5
They could argue that by viewing the copyrighted code/implementation, you could effectively infringe by (even subconsciously) writing the same/similar code.

There's merits to this claim if you're indeed implementing some advanced, niche algorithm but it definitely wouldn't apply here as all he's doing is calling HTTP APIs, a very generic and common thing to do.

>>sp1rit+94
If it's HTTPS stuff, they might be claiming that it falls under DMCA 1201 shenanigans.

> (A) No person shall circumvent a technological measure that effectively controls access to a work protected under this title.

https://www.law.cornell.edu/uscode/text/17/1201

As I understand it, car manufacturers prevent independent repair shops from lawfully obtaining some of the diagnostics information in the onboard computer by encrypting it with a key that sits on the very same drive. Said encryption is the "technological measure that effectively controls access" and using the key to decrypt it is "circumvention" -- naturally, of the "effective" access control.

(https://www.law.cornell.edu/definitions/uscode.php?def_id=17... to “circumvent a technological measure” means to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner)

Mazda might be interpreting the SSL certificate as a similar measure and therefore use of the certificate to decrypt traffic as a similar violation.

>>Nextgr+f6
Ah, so it's not the act of disassembling that's the problem, but that you're infringing on the original code's copyright? That makes sense, thank you.

>>lcnPyl+j6
From the posted notice[1], they answered "No" to the question "Do you claim to have any technological measures in place to control access to your copyrighted content? Please see our Complaints about Anti-Circumvention Technology if you are unsure." Is that the same thing you are referencing?

[1] https://github.com/github/dmca/blob/master/2023/10/2023-10-1...

>>stavro+J6
You may have come across this concept already, but this is where clean rooms come in.

One person views the "contaminated" decompiled code and writes a specification. A separate person writes the code based solely on the specification. This is an accepted method of demonstrating that there is no infringement.

>>sp1rit+(OP)
DMCA != copyright

>>wuuza+08
Yep, sounds like it, which rules that out. Good to know that it might be on the served notice; I'll look for that next time.

>>failra+Da
What does the C stand for in DMCA?

>>angus-+wa
Yep, I knew of clean-room reimplementations, I was just wondering whether decompiling is somehow in itself illegal.

>>mminer+k2
It wouldn't matter anyway, it's unlikely that someone would put up the money to test this in couet.

>>hultne+N4
While if possible, it's the best course of action, the truth is these days additions like HSTS make it extremely difficult to MITM.

Additionally, MITM and trying things out on a toaster are one thing, doing the same on a 40k$ machine that can potentially make it impossible to do your commute is another.

This is IMO a prime example where the double team rev eng is key to success: one documents the API, the other uses it without having access to code (whiteroom)

>>tremon+Ef
Cookies!

>>sccxy+N5
There were no charges filed in this case. The prosecutor correctly ascertained that the allegations were false and the whole thing was a waste of taxpayer money.

>>ensign+Jn
Yeah, but still it is/was very stressful for this person.

Never know when they decide otherwise. "Hacking/cyber crime" is very wide and open term.

>>stavro+J6
But disassembling/decompiling doesn't give you anything like the original code!

>>6502ne+kr
That kind of depends on the language, but it's a fair point. I think it might only matter that the general algorithm/solution is the same, not the lines of text themselves.

>>sccxy+Ap
People would be absolutely aghast at how much trouble the law can make for you without ever actually even charging you with anything.

And how relatively easy lawfare can be brought against someone, especially if the person bringing it has infinite money and/or nothing to lose.

>>6502ne+kr
It gives you a derivative work of the original code

>>sp1rit+(OP)
Probably not, but more and more I’ve been reminded that the law only applies if you have the financial means to prove/defend your position in court.

>>aneutr+vi
Nitpick: HSTS doesn't interfere with MITM. You're thinking of certificate pinning.

>>amelia+5Z
You are right, I was thinking of stapling but wrote HSTS. Thanks

>>sp1rit+94
I would assume Mazda looked at the infringing code and thought it looked suspiciously like their own code.

>>amelia+5Z
HSTS interferes with MITM when the mobile device in question doesn't allow you to install new certificate authorities (as is slowly becoming the case).