SL Protocol Reverse Engineering Team

Under United States law, reverse engineering a patented item can be infringement; however, if the artifact or process is protected by trade secrets instead of by a patent, then reverse engineering the artifact or process is lawful as long as the artifact or process is obtained legitimately. In fact, one common motivation of reverse engineering is to determine whether a competitor's product infringes on your patents.
Reference: http://en.wikipedia.org/wiki/Reverse_engineering

I would like to take this discussion away from our Terms of Service and the question of legality of reverse engineering.

In an effort to provide an increasingly open-ended user experience, we generally welcome inspection of the information we exchange through the service. We also philosophically believe that creating more connectivity points engenders the culture we hope develops throughout the community -- a culture of creativity and innovation that provides a better place for everyone to play and work.

We will not pursue people who are reverse engineering the protocol who are looking to integrate their systems and processes with ours as long as those goals are not to the detriment of Linden Lab and the community at large.

Using information gathered to exploit the system, exploit residents, violate resident privacy or property, or generate disproportionate load will be pursued and will be curtailed in a manner we see fit.

FFS...

I'd guess editing permission is handled server side (if not it should be and this would be good incentive to sort that) so what's the worst that can happen? They could steal a script you wrote or copy an object you made? I've got news for you - you can do that without knowing the protocol details and doing so means you get kicked from SL making that info all but useless.

The advantages of enthusiasts doing this far outweigh any dangers.

I have kept quiet so far, but since LL has posted, I suppose it's ok if I add my two cents. Asset security is a real concern; and has largely been neglected. There are a number of protocal holes that would become public if full specs were published.

I have writen a tool that will let the user retrieve scripts from the clients cache that were recently edited (this does not circumvent any permissions). The client must be logged out for this tool to work.

There are few bugs in the interface but it works none the less. It requires the .net 2.0 framework.

Download: LSLTextExtractor.zip

Some day i may fix the interface bugs in the app. I may add support for getting the bytecode (pretty easy to do), if it is in the cache. I will not be writing a more complex viewer.

I dunno, the way I see it, if it's public knowledge then LL will be pressed into fixing the security holes sooner, rather than waiting for someone to find them secretly with the express intention of exploiting them.

What? You are kidding me right? How do I know that this lil widget you linked us to doesn't send you some info from my computer like the scripts from my cache that were recently edited.

You reverse engineers might be trying to reverse engineer smething on my PC. How convenient that you would offer us all something to download locally.

No thanks. I'll pass.
Good luck though.

What? You are kidding me right? How do I know that this lil widget you linked us to doesn't send you some info from my computer like the scripts from my cache that were recently edited.

You reverse engineers might be trying to reverse engineer smething on my PC. How convenient that you would offer us all something to download locally.

No thanks. I'll pass.
Good luck though.

i would understand your concern if joe scripter posted something like this, but some of the most usefull stuff has come from strife, and its all over the forums

besides seeing some of the stuff written by strife, he/she doesnt need your code

You can always decompile it; there are some pretty good .Net decompilers out there. Was writen in VC++.Net

BTW if I were really interested in doing evil; don't you think I would have done it already?

There isn't a real proper forum for this, so apologies in advance since this is not directly related to LSL scripting but I'm hoping to capture the right target audience.

Right now there are less than a dozen people in Second Life who have working knowledge of some or most of the Second Life protocol and even fewer who have working implementations in code for portions of it. Linden support is increasing as the homebrew clients can pass their own identifier at the login stage, but getting any good official information comes down to catching the right person at the right time.

I've been putting in my own share of work on a reverse engineering endeavour lately, but there are a lot of different fields in each type of packet and different data storage types to solve, so I think putting more eyes on the problem will speed things up a lot. Also, I've seen people putting prices on protocol information for resale. It would be like someone discovering a secret LSL function and only people who pay the price of find it out themselves can improve their work with it.

A wiki has been started, and any contributions to it are covered under the GNU Free Documentation License. Any work you put in will not be hijacked and resold, it will become public knowledge. Right now it's mainly a sandbox for analysis and discussion, but I hope it will grow into an up-to-date spec sheet for the protocol, similar to what the LSL Wiki is for LSL (but better! hehe). You can be assigned full credit for all of your contributions or remain completely anonymous if you wish.

Right now the "team" consists of myself, a few people getting up to speed with the tools, and a few angel voices that are significantly further along than myself lending advice. If you want to contribute to the project send me an IM in game. One stipulation to working on the project is that any derivative work based on this research must be protected under the SL TOS section 4.1 and DMCA section 1201(f) exemptions that this research falls under. The work is difficult enough without wandering outside the legal safe zone.

Security through obscurity is not security at all.

If there are problems that can be exposed by publishing the protocol, then those problems can be exploited by anyone.

True, but why make it easier for the griefers?

If you do find security holes ... transact privately with LL. Don't publish.

I would like to take this discussion away from our Terms of Service and the question of legality of reverse engineering.

In an effort to provide an increasingly open-ended user experience, we generally welcome inspection of the information we exchange through the service. We also philosophically believe that creating more connectivity points engenders the culture we hope develops throughout the community -- a culture of creativity and innovation that provides a better place for everyone to play and work.

We will not pursue people who are reverse engineering the protocol who are looking to integrate their systems and processes with ours as long as those goals are not to the detriment of Linden Lab and the community at large.

Using information gathered to exploit the system, exploit residents, violate resident privacy or property, or generate disproportionate load will be pursued and will be curtailed in a manner we see fit.

I believe this is the absolute wrong thing to do Linden Labs. You need to ban everyone of this team who has reversed Engineered SL

I believe this is the absolute wrong thing to do Linden Labs. You need to ban everyone of this team who has reversed Engineered SL

I have writen a tool that will let the user retrieve scripts from the clients cache that were recently edited (this does not circumvent any permissions). The client must be logged out for this tool to work.

I removed my post. Just want you to know that there are many many people who are very unhappy with this project.