zlacker

1. mminer+(OP) 2023-10-13 20:08:30
If they just provide the same functionality, no. Mazda should lose this under Google v. Oracle. However, reverse engineering is dangerous. They surely read the copyrighted decompiled code. The test is whether the expressive elements of bdr99's implementation are substantially similar.
replies(4): >>Nextgr+F1 >>sp1rit+P1 >>stavro+63 >>zamale+Ne
2. Nextgr+F1 2023-10-13 20:16:20
>>mminer+(OP)
> They surely read the copyrighted decompiled code

Do they? When it comes to reverse-engineering mobile app APIs, the usual strategy is to observe the network because it's so much easier than making sense of the disassembled binary.

Even if you can decompile, you'd generally use it as an aid to understand the network captures rather than using it as your primary source.

replies(1): >>hultne+t2
3. sp1rit+P1 2023-10-13 20:16:52
>>mminer+(OP)
This might be the case, but how could Mazda even prove this? Unless they communicate in some weird proprietary binary protocol I could imagine that the API (especially if it's just some JSON/XML REST stuff) can be reverse engineered by MitM traffic analysis.
replies(2): >>lcnPyl+Z3 >>mminer+nQ4
4. hultne+t2 2023-10-13 20:20:06
>>Nextgr+F1
This is what I would usually do as well, self-MiTM and analyze the traffic, reverse engineer from there.
replies(1): >>aneutr+bg
5. stavro+63 2023-10-13 20:23:27
>>mminer+(OP)
I've reverse engineered many an API, and I've never done it by decompiling the executable. Also, what's illegal about decompiling an executable?
replies(1): >>Nextgr+V3
6. Nextgr+V3 2023-10-13 20:28:02
>>stavro+63
They could argue that by viewing the copyrighted code/implementation, you could effectively infringe by (even subconsciously) writing the same/similar code.

There are merits to this claim if you're indeed implementing some advanced, niche algorithm but it definitely wouldn't apply here as all he's doing is calling HTTP APIs, a very generic and common thing to do.

replies(1): >>stavro+p4
7. lcnPyl+Z3 2023-10-13 20:28:22
>>sp1rit+P1
If it's HTTPS stuff, they might be claiming that it falls under DMCA 1201 shenanigans.

> (A) No person shall circumvent a technological measure that effectively controls access to a work protected under this title.

https://www.law.cornell.edu/uscode/text/17/1201

As I understand it, car manufacturers prevent independent repair shops from lawfully obtaining some of the diagnostics information in the onboard computer by encrypting it with a key that sits on the very same drive. Said encryption is the "technological measure that effectively controls access" and using the key to decrypt it is "circumvention" -- naturally, of the "effective" access control.

(https://www.law.cornell.edu/definitions/uscode.php?def_id=17... to “circumvent a technological measure” means to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner)

Mazda might be interpreting the SSL certificate as a similar measure and therefore use of the certificate to decrypt traffic as a similar violation.

replies(1): >>wuuza+G5
8. stavro+p4 2023-10-13 20:31:00
>>Nextgr+V3
Ah, so it's not the act of disassembling that's the problem, but that you're infringing on the original code's copyright? That makes sense, thank you.
replies(2): >>angus-+c8 >>6502ne+0p
9. wuuza+G5 2023-10-13 20:37:46
>>lcnPyl+Z3
From the posted notice[1], they answered "No" to the question "Do you claim to have any technological measures in place to control access to your copyrighted content? Please see our Complaints about Anti-Circumvention Technology if you are unsure." Is that the same thing you are referencing?

[1] https://github.com/github/dmca/blob/master/2023/10/2023-10-1...

replies(1): >>lcnPyl+w8
10. angus-+c8 2023-10-13 20:53:14
>>stavro+p4
You may have come across this concept already, but this is where clean rooms come in.

One person views the "contaminated" decompiled code and writes a specification. A separate person writes the code based solely on the specification. This is an accepted method of demonstrating that there is no infringement.

replies(1): >>stavro+Fe
11. lcnPyl+w8 2023-10-13 20:56:00
>>wuuza+G5
Yep, sounds like it, which rules that out. Good to know that it might be on the served notice; I'll look for that next time.
12. stavro+Fe 2023-10-13 21:38:51
>>angus-+c8
Yep, I knew of clean-room reimplementations, I was just wondering whether decompiling is somehow in itself illegal.
13. zamale+Ne 2023-10-13 21:39:36
>>mminer+(OP)
It wouldn't matter anyway, it's unlikely that someone would put up the money to test this in court.
14. aneutr+bg 2023-10-13 21:50:41
>>hultne+t2
While if possible, it's the best course of action, the truth is these days additions like HSTS make it extremely difficult to MITM.

Additionally, MITM and trying things out on a toaster are one thing, doing the same on a 40k$ machine that can potentially make it impossible to do your commute is another.

This is IMO a prime example where the double team rev eng is key to success: one documents the API, the other uses it without having access to code (whiteroom).

replies(1): >>amelia+LW
15. 6502ne+0p 2023-10-13 23:03:35
>>stavro+p4
But disassembling/decompiling doesn't give you anything like the original code!
replies(2): >>stavro+gp >>aidenn+Sr
16. stavro+gp 2023-10-13 23:05:26
>>6502ne+0p
That kind of depends on the language, but it's a fair point. I think it might only matter that the general algorithm/solution is the same, not the lines of text themselves.
17. aidenn+Sr 2023-10-13 23:29:24
>>6502ne+0p
It gives you a derivative work of the original code
18. amelia+LW 2023-10-14 07:02:38
>>aneutr+bg
Nitpick: HSTS doesn't interfere with MITM. You're thinking of certificate pinning.
replies(2): >>aneutr+p31 >>LoganD+1Sc
19. aneutr+p31 2023-10-14 08:54:04
>>amelia+LW
You are right, I was thinking of stapling but wrote HSTS. Thanks
20. mminer+nQ4 2023-10-15 21:39:00
>>sp1rit+P1
I would assume Mazda looked at the infringing code and thought it looked suspiciously like their own code.
21. LoganD+1Sc 2023-10-18 03:17:54
>>amelia+LW
HSTS interferes with MITM when the mobile device in question doesn't allow you to install new certificate authorities (as is slowly becoming the case).