v3.5 20100402
Armijn Hemel <armijn@loohuisconsulting.nl>
Copyright 2009-2010 Loohuis Consulting. Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.
Table of Contents
Introduction
The consumer electronics business
    How a product is developed
    Violations
Technical analysis of a device
    Initial network scan
        How to perform a network scan
        Results of a network scan
        Value of using network scans
        Other network tricks
    Firmware analysis
        Embedded design 101
            Boot sequence and boot loaders
            Compression techniques
            File systems
                squashfs
                ext2/ext3/ext4
                cramfs
                jffs2
                yaffs2
            Executable files
                Compilation 101
                Executable formats
        Tools
            File analysis tools
                hexdump
                file
                strings
                grep
                md5sum/sha1sum/sha256sum/sha512sum
            Tools for unpacking files and archives
                bzip2/bzcat
                gzip/zcat
                unzip
                lzma
                unrar
                cabextract
                unshield
                rpmdevtools/rpm2cpio
            Other tools
                binutils
                ldd
                editor
    Physical access
        Serial console
            Attaching a serial cable to a router
            Accessing the serial port
        JTAG
    What violations to look for
        Linux kernel modules
        busybox
        C libraries
        Toolchain
        Bootloaders
Physical compliance
Compliance engineering on Microsoft Windows
    Common violations
    Tools
        Zipped executables
        Cabinet files
        MSI files
        Wine
        Other tools
    Cygwin compliance engineering
Experiences
Appendix A: GPL checklist
Appendix B: Reporting and fixing license violations
    Reporting a violation
    Handling a violation report
    Preventing a violation
    Copyright note
Appendix C: Commercial compliance engineering
Introduction
This is a guide explaining how to find license violations in embedded devices. This guide shows how to discover problems by analysis of network scans, extracting information from a firmware and physically altering hardware. Before we can dive into the technical details, it is worth taking a look at the business processes of the consumer electronics industry, where most violations are found.

WARNING: Some things described in this guide might not be allowed in your jurisdiction due to local legislation. Please consult a lawyer to see what is permitted. This is not legal advice.
like the gpl-violations.org project and SFLC have started pushing for compliance a lot more in the past years, so this argument is likely to become invalid soon.
Violations
License violations come in all kinds of forms, ranging from forgetting to add a copy of the license text to no source, no license text and no policy of handling source code requests. License violations are not limited to just GPL and LGPL. Nearly every device that runs Linux also has a whole range of other subtle violations of MIT, BSD and other licenses. There are also plenty of GPL license violations on devices that don't run Linux. There are for example devices that run a very basic proprietary operating system, but also include some GPL licensed code, which is linked into one big binary blob along with the rest of the operating system. This document will mainly focus on GPL and LGPL license compliance engineering on Linux systems, with a small section dedicated to analysing common data formats on Microsoft Windows.
Device type: general purpose
Running: FreeBSD 6.X
OS details: FreeBSD 6.1-RELEASE through 6.2-BETA3 (x86)
Uptime: 36.216 days (since Fri Aug 10 20:06:29 2007)
Network Distance: 1 hop
OS detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .
Nmap finished: 1 IP address (1 host up) scanned in 21.304 seconds
Firmware analysis
A reliable method of finding GPL licensed code in a device is by grabbing the firmware of the device from the download site or CD and dissecting it to reveal all bits and pieces of what is in the firmware. There is no standard recipe for dissecting firmware, since there are many ways the firmware of a device can be structured. However, the underlying methodologies as outlined in this document can be used for many devices. Before these methodologies are explained there is a short explanation of how devices work and why the design influences the layout of the firmware.
Commonly used compression methods are gzip and bzip2, with LZMA and 7z rapidly rising in popularity.
File systems
Most of these file systems can be unpacked or mounted over loopback on a recent Linux system (like Fedora 11). The following table summarizes the methods you should use for the most commonly used file systems:

File system       Unpacking method                               Alternative unpacking method                                                              Remarks
squashfs          unsquashfs                                     mount over loopback
squashfs (LZMA)   custom unsquashfs (for example from OpenWrt)   mount over loopback, might require an extra kernel module, depending on the flavour used   various combinations of SquashFS and LZMA are in use
ext2/ext3         e2tools package
cramfs            mount over loopback                                                                                                                      might require byteswapping with cramfsswap first, depending on the endianness of your machine
romfs
jffs2             jffs2dump
yaffs2            unyaffs
squashfs
This command unpacks the squashfs image in the directory "rootdir". This method is actually preferable to mounting over loopback, since it won't create device files if you run it as a normal user and prevents you from mistakes later on, such as trying to grep through tty files (which has rather unpleasant side effects).

Unpacking a squashfs file system with LZMA compression is possible in some cases, but not in all cases. The reason for this is that there are quite a few versions of LZMA in use, which are not always compatible. The Squashfs-LZMA version at http://www.squashfs-lzma.org/ for example uses different magic and it can't work with many Squashfs file systems that are actually used on embedded devices.

It is not possible to detect LZMA compression using the command "file", since the signature is usually not different from an uncompressed squashfs file system. When you try to mount it and it fails, you might see this in dmesg, which is a clear indication another compression technique than zlib has been used:
SQUASHFS: Mounting a different endian SQUASHFS filesystem on loop0
SQUASHFS error: zlib_inflate returned unexpected result 0xfffffffd, srclength 8192, avail_in 160, avail_out 8192
SQUASHFS error: sb_bread failed reading block 0x4b0
SQUASHFS error: Unable to read cache block [12bf5c:3d6]
SQUASHFS error: Unable to read inode [12bf5c:3d6]
ext2/ext3/ext4
cramfs
Another popular file system is the cramfs file system. It can be fairly easily recognized by searching for the string "Compressed ROMFS". There are two versions: one for big endian systems (PowerPC, SPARC, big endian MIPS) and one for little endian systems (x86, little endian MIPS).

Depending on which system you work on these file systems might need to be byteswapped from big endian to little endian, or vice versa, if you want to mount it over loopback on a Linux system. The cramfsswap utility is a tool that can change the endianness of a cramfs file system.

Byteswapping will not always work, since some devices (notably with the bcm63xx chipset) have a patched cramfs implementation, but it is often enough to extract at least the directory hierarchy and names of the files on the device, which will often give you more information about what is actually on the device.
jffs2
The jffs2 file system is special, since it can't be mounted directly over loopback. It first needs to be written to a special device in memory, which can then be mounted as a normal file system. For this some dark kernel voodoo magic is needed.

The jffs2 file system comes in two flavours: little endian and big endian. Big endian file systems can't be mounted on little endian systems and vice versa. It might be necessary to convert the endianness of the file system with a program such as jffs2dump before you can access its contents.

The mtd-utils package contains all tools necessary to work with flash memory devices. One of the most useful tools is jffs2dump. With jffs2dump you can inspect the structure of file systems and change endianness, or dump the contents of the file system. A rule of thumb is that if you dump the contents of the jffs2 file (using -c) and you get a lot of warnings, but no real data, you should supply one of the options -b (big endian) or -l (little endian), depending on the endianness of your own system.
Mounting over loopback is possible by first writing the contents of the file to an mtd device and then mounting it.
modprobe mtdcore
modprobe jffs2
modprobe mtdram
modprobe mtdblock
modprobe mtdchar
dd if=/path-to-jffs2-file of=/dev/mtd0
mount -t jffs2 /dev/mtdblock0 /tmp/mnt/
This will create a ram disk of 8 megabytes.
yaffs2
Executable files are usually the "real" programs on a device. There are two types of executable files:

 - scripts
 - compiled programs
There are a few types of executable formats you can find on an embedded device:

 - ELF, with/without gzip compression, stripped and not stripped
 - Binary Flat format (bFLT), with/without gzip compression
The ELF format is the most common format. Most of the time the binaries will be "stripped", which means that all the debugging information has been removed from the file. If you are lucky the binary has not been stripped and all this information will still be there. This gives more clues about what is actually in the file.

A rare form of the ELF format is where the programs are compressed with gzip, after the ELF header. To get to the contents of the file you first have to extract the contents from the file. This is done in the same way as you would extract a file system which has been compressed with gzip.

The ELF format is an industry standard. There are a lot of tools which can be used to inspect ELF binaries from all kinds of platforms. The GNU binutils collection contains a few tools for doing exactly this: readelf and objdump. One of the interesting sections in the ELF format is the so called 'dynamic section'. In this section the dynamically linked libraries are listed:
$ objdump -x <file> | grep NEEDED
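When you are looking at hundreds of binaries from an unpacked firmware it pays to have a small script that reads the ELF header directly, so that you can sort executables by architecture and endianness (which also tells you which cross toolchain must have been used) and spot the gzip-after-the-header form described above. The script below is an added example, not part of this guide or of binutils; the e_machine numbers are the ones from the ELF specification, the MIPS header and the objdump fragment are constructed samples, and the gzip check simply looks at the bytes that follow the header, as the text describes.

```python
import re
import struct

# e_machine values from the ELF specification, for the architectures this guide mentions.
MACHINES = {3: "x86", 8: "MIPS", 20: "PowerPC", 40: "ARM", 62: "x86-64"}
TYPES = {1: "relocatable", 2: "executable", 3: "shared object", 4: "core"}
GZIP_MAGIC = b"\x1f\x8b\x08"


def parse_elf_header(data):
    """Decode the ELF header fields that matter when identifying a firmware binary.

    Returns None if the data does not start with a sane ELF header.
    """
    if len(data) < 52 or data[:4] != b"\x7fELF":
        return None
    ei_class, ei_data = data[4], data[5]   # class: 1 = ELF32, 2 = ELF64; data: 1 = LE, 2 = BE
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        return None
    endian = "<" if ei_data == 1 else ">"
    # e_type and e_machine follow the 16-byte e_ident in both ELF32 and ELF64.
    e_type, e_machine = struct.unpack_from(endian + "HH", data, 16)
    # e_ehsize sits at offset 40 in ELF32 and 52 in ELF64 (after the wider e_entry/e_phoff/e_shoff).
    ehsize_off = 40 if ei_class == 1 else 52
    if len(data) < ehsize_off + 2:
        return None
    e_ehsize = struct.unpack_from(endian + "H", data, ehsize_off)[0]
    return {
        "bits": 32 if ei_class == 1 else 64,
        "endian": "little" if ei_data == 1 else "big",
        "type": TYPES.get(e_type, "unknown (%d)" % e_type),
        "machine": MACHINES.get(e_machine, "unknown (%d)" % e_machine),
        # The rare gzip-after-the-header form: the compressed payload starts where the header ends.
        "gzip_after_header": data[e_ehsize:e_ehsize + 3] == GZIP_MAGIC,
    }


NEEDED_LINE = re.compile(r"^\s*NEEDED\s+(\S+)")


def needed_libs(objdump_output):
    """Pull the NEEDED entries out of `objdump -x` output: the dynamically linked libraries."""
    matches = (NEEDED_LINE.match(line) for line in objdump_output.splitlines())
    return [m.group(1) for m in matches if m]


def sample_mips_header(gzip_payload=False):
    """Constructed sample: a 32-bit big endian MIPS executable header (not from a real device)."""
    e_ident = b"\x7fELF" + bytes([1, 2, 1, 0]) + b"\x00" * 8
    fields = struct.pack(">HHIIIIIHHHHHH",
                         2,         # e_type: executable
                         8,         # e_machine: MIPS
                         1,         # e_version
                         0x400000,  # e_entry
                         52, 0,     # e_phoff, e_shoff
                         0x1000,    # e_flags
                         52,        # e_ehsize
                         32, 1,     # e_phentsize, e_phnum
                         40, 0, 0)  # e_shentsize, e_shnum, e_shstrndx
    payload = GZIP_MAGIC + b"\x00" * 13 if gzip_payload else b"\x00" * 16
    return e_ident + fields + payload


# Constructed `objdump -x` fragment; libc.so.0 is the name uClibc gives its C library.
OBJDUMP_SAMPLE = """\
Dynamic Section:
  NEEDED               libgcc_s.so.1
  NEEDED               libc.so.0
  INIT                 0x00400a2c
"""

if __name__ == "__main__":
    print(parse_elf_header(sample_mips_header()))
    print(parse_elf_header(sample_mips_header(gzip_payload=True)))
    print(needed_libs(OBJDUMP_SAMPLE))
```

The NEEDED names are themselves a clue for the C library section later in this guide: a dependency on libc.so.0 points at uClibc, libc.so.6 at glibc.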
Tools
The toolbox of a reverse engineer contains a lot of tools. The tool set can be divided in a few categories:

 - file analysis tools
 - tools for unpacking files and archives
 - other tools
file
Often firmware will just show up as "data":

$ file zImage
zImage: data
programs (for example kprintf() statements), and so on. These strings, combined with a search engine or knowledge base of known strings, can reveal a lot.
grep
The "grep" tool is great for quickly finding strings in files (even binaries) that can be important. "Copyright" (with and without capitalization), "Free Software", "License", "GPL" and "General Public License" are good strings to search for. If you specify the command line option "-i" your searches will be case insensitive and quite a bit slower. I usually search for "icense", or "opyright", omitting the first character, which may or may not be capitalized. It often saves me a few minutes waiting.

Be warned, many file systems contain special device files or symbolic links to /tmp or other parts of your own file system. If you're not careful you might be grepping on your whole computer, or 'grep' might be stuck on a special device file. A good idea is to first filter out the right files with for example "find" and then grep through them.
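The following script is an added example (not from this guide) of the "find first, then grep" approach above, written so that the two traps just mentioned cannot bite: it walks an unpacked root file system without following symlinks, skips everything that is not a regular file (device nodes, fifos, sockets), extracts printable strings the way `strings` does and keeps the ones containing the keywords the guide recommends. The sample file system it builds is constructed for the demonstration and is not from any real device.

```python
import os
import re
import shutil
import stat
import tempfile

# The guide's trick: search for the keyword without its first letter so that
# "License"/"license" and "Copyright"/"copyright" both match without grep -i.
KEYWORDS = (b"icense", b"opyright", b"GPL", b"Free Software")


def strings(data, min_len=4):
    """Runs of at least min_len printable ASCII bytes: what `strings` prints by default."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)


def license_strings(data, keywords=KEYWORDS):
    """The printable strings in data that contain one of the keywords."""
    return [s.decode("ascii") for s in strings(data) if any(k in s for k in keywords)]


def scan_tree(root, keywords=KEYWORDS):
    """Walk an unpacked root file system and grep every *regular* file for license strings.

    Symlinks are never followed and device nodes, fifos and sockets are skipped,
    so a stray /dev/ttyS0 or a symlink to /tmp cannot drag the scan onto the host.
    Returns {relative path: [matching strings]}.
    """
    hits = {}
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)          # lstat: look at the link itself, not its target
            if not stat.S_ISREG(st.st_mode):
                continue
            with open(path, "rb") as f:
                found = license_strings(f.read(), keywords)
            if found:
                hits[os.path.relpath(path, root)] = found
    return hits


def build_sample_tree():
    """Constructed sample root fs (not from a real device): a busybox-like binary,
    a harmless text file and a dangling symlink to a device node."""
    root = tempfile.mkdtemp(prefix="rootfs-")
    for d in ("bin", "etc", "dev"):
        os.mkdir(os.path.join(root, d))
    with open(os.path.join(root, "bin", "busybox"), "wb") as f:
        f.write(b"\x7fELF\x01\x01\x01\x00" + b"\x00" * 16
                + b"BusyBox v1.00 (constructed) multi-call binary\x00"
                + b"Licensed under GPLv2. See source distribution for full notice.\x00"
                + b"\x00" * 8)
    with open(os.path.join(root, "etc", "motd"), "wb") as f:
        f.write(b"Welcome to the router\n")
    os.symlink("/dev/console", os.path.join(root, "dev", "console"))
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    try:
        for path, found in sorted(scan_tree(root).items()):
            for s in found:
                print("%s: %s" % (path, s))
    finally:
        shutil.rmtree(root)
```

Point `scan_tree` at the directory you unpacked the file system into (for example the "rootdir" from unsquashfs); the keyword tuple can be swapped for other markers, such as the Cygwin symbol names discussed in the Windows section.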
md5sum/sha1sum/sha256sum/sha512sum
Format               Unpacking tool   Alternative   Remarks
gzip                 gunzip           zcat          zcat unpacks to stdout by default and needs to be redirected to a file
bzip2                bunzip2          bzcat         bzcat unpacks to stdout by default and needs to be redirected to a file
lzma                 lzma -d          lzcat         lzcat unpacks to stdout by default and needs to be redirected to a file
ZIP                  unzip
tar                  tar
cpio                 cpio
Windows executable   7z
bzip2/bzcat
Data compressed with bzip2 can be easily found by searching for the string "BZh" inside the firmware image.
gzip/zcat
unzip
Normal ZIP files can be unpacked using the unzip program. In firmwares ZIP compressed parts normally start with "PK". Some Windows executables can also be unpacked with unzip.
lzma
Another tool that is convenient is 'lzmainfo', which gives a lot of information about a file compressed with LZMA:

$ lzmainfo lzma-file
lzma-file
Uncompressed size:
Dictionary size:
Literal context bits (lc):
Literal pos bits (lp):
Number of pos bits (pb):
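The compression and file system sections above all boil down to "search the image for a known byte string": "BZh" for bzip2, "PK" for ZIP, 1f 8b for gzip, "Compressed ROMFS" for cramfs, "hsqs"/"sqsh" for squashfs. LZMA is the exception, since it has no magic; its 13-byte header only carries the properties byte that lzmainfo decodes into lc/lp/pb, the dictionary size and the uncompressed size, so it can only be found heuristically. The scanner below is an added example, not code from this guide or from the tools it names; it carves an image into candidate offsets for all of these formats (the bzip2 check also requires the block magic that follows "BZh"), decodes the LZMA properties byte the way lzmainfo does, and runs on a constructed sample image when given no file argument.

```python
import struct
import sys

# Fixed magic values for the formats the guide describes.
SIGNATURES = [
    (b"\x1f\x8b\x08", "gzip"),
    (b"BZh", "bzip2"),                  # needs the extra block-magic check below
    (b"PK\x03\x04", "zip"),
    (b"hsqs", "squashfs (little endian)"),
    (b"sqsh", "squashfs (big endian)"),
    (b"Compressed ROMFS", "cramfs"),
    (b"\x7fELF", "ELF"),
]
BZIP2_BLOCK_MAGIC = b"1AY&SY"          # 0x314159265359, the first block header of every bzip2 stream


def find_all(blob, needle):
    off = blob.find(needle)
    while off != -1:
        yield off
        off = blob.find(needle, off + 1)


def lzma_props(props):
    """Decode the LZMA properties byte into (lc, lp, pb), the values lzmainfo prints.

    The encoder stores them as props = (pb * 5 + lp) * 9 + lc, so anything >= 225 is invalid.
    """
    if props >= 9 * 5 * 5:
        return None
    return props % 9, (props // 9) % 5, props // 45


def looks_like_lzma(blob, off):
    """Heuristic for a raw .lzma header: valid props byte, power-of-two dictionary size and a
    plausible uncompressed size. There is no magic, so expect the odd false positive."""
    if off + 13 > len(blob) or lzma_props(blob[off]) is None:
        return False
    dict_size = struct.unpack_from("<I", blob, off + 1)[0]
    size = struct.unpack_from("<Q", blob, off + 5)[0]
    dict_ok = 4096 <= dict_size <= 1 << 26 and dict_size & (dict_size - 1) == 0
    size_ok = size == 0xFFFFFFFFFFFFFFFF or 1024 <= size <= 1 << 28   # all-ones means "unknown"
    return dict_ok and size_ok


def scan_firmware(blob):
    """Return sorted (offset, format) pairs for every signature found in a firmware image."""
    hits = []
    for magic, name in SIGNATURES:
        for off in find_all(blob, magic):
            if name == "bzip2":
                level = blob[off + 3:off + 4]          # "BZh" is followed by the block size digit 1-9
                if not (level.isdigit() and level != b"0"
                        and blob[off + 4:off + 10] == BZIP2_BLOCK_MAGIC):
                    continue
            hits.append((off, name))
    hits.extend((off, "lzma") for off in range(len(blob)) if looks_like_lzma(blob, off))
    return sorted(hits)


def sample_firmware():
    """Constructed image that concatenates the headers of each format; not a real firmware."""
    return (b"BOOT" + b"\x00" * 12
            + b"\x1f\x8b\x08\x00" + b"\x00" * 12
            + b"BZh9" + BZIP2_BLOCK_MAGIC + b"\x00" * 8
            + b"hsqs" + b"\x00" * 12
            + b"Compressed ROMFS" + b"\x00" * 4
            + b"\x7fELF\x01\x01\x01\x00" + b"\x00" * 8
            + b"PK\x03\x04" + b"\x00" * 12
            + b"\x5d" + struct.pack("<I", 1 << 23) + struct.pack("<Q", 4096) + b"\x00" * 8)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_firmware()
    for off, name in scan_firmware(blob):
        print("0x%08x  %s" % (off, name))
```

The offsets are where you point dd (or the editor mentioned under "Other tools") to carve the part out before handing it to gunzip, bunzip2, unzip or unsquashfs; the LZMA candidates are the ones to try with lzmainfo first, since that is the only cheap way to confirm them.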
unrar
binutils
The binutils package contains several useful tools to inspect binaries, such as readelf and nm.
ldd
The ldd tool prints shared libraries for a dynamically linked executable. Note that ldd works by invoking the dynamic loader on the binary, so it is only useful for binaries built for the platform you are running on and should not be used on binaries you do not trust; the objdump command shown earlier reads the dynamic section without running anything.
editor
A proper editor is used if you want to edit files and extract parts. Alternatively, a tool such as dd can be used.
Physical access
The final part of compliance engineering work is getting physical access to a device. Sometimes the bootloader is not shipped in a firmware update and can only be accessed through a serial console or JTAG. Often a GPL licensed bootloader is used on a device. If you don't perform a check using a serial port, it can easily be missed.
Serial console
Many devices have a serial port, or a serial port can be attached to it without too much effort. A serial port is used during development of the device. The firmware of the device often lets you log in on the device via the serial port when you connect to it through a serial cable, or gives you a root shell on the device directly. This is not always guaranteed to work. In some devices no output is sent to the serial port during booting, or once the device has booted.
Attaching a serial cable to a router
You can log on to the serial port by using a cable, attaching one side to the serial port on the router and the other to the PC, either to a serial port on the motherboard, or to a serial-USB converter.

WARNING: Many routers work on 3.3 Volts, while a serial port on a PC works on 12 Volts. You need a special cable which can shift between the two voltages or you risk blowing up the device.

There are special kits (MAX232) to make so called "level shifters", that take care of the voltage difference. Old Siemens phone cables also work. Some online shops sell RS232 shifters: http://www.sparkfun.com/commerce/product_info.php?products_id=449
Illustration 3: Solder pads for a serial port on a device, without header pins

Some vendors try to hide these solder pads to make physical access to the device harder. Luckily most vendors simply don't care and in some of the devices you can already find pin headers soldered onto the solder pads.
When the serial cable has been properly attached to the router it can be accessed using a serial communication program. The most popular one on Linux is called 'minicom'. Not all serial ports use the same speed (or 'baud rate'). Popular baud rates are 9600, 38400, 57600 and 115200.
JTAG
Some devices can only be accessed through JTAG.
Modules that have set this macro will have access to more internals of the kernel. Licensing of modules that have this macro set should never be an issue.

With regard to other modules opinions differ. Greg Kroah-Hartman, one of the leading Linux kernel developers, told me in a personal email on 14 October 2007:

[I]t's quite simple, me, and my lawyers feel that there is NO way to have a Linux kernel module that is not under the GPLv2. To do so otherwise violates the license of the kernel, and my copyrights. But it's not only me that says this, Novell and IBM have publicly stated this in the past, as well as HP (well, they kind of murmured it, but have said so in person.) Red Hat also states this, as well as a number of key Linux kernel contributors and holders of copyright on the kernel.

The Linux Foundation also issued a statement on closed source drivers and modules on June 23 2008: http://www.linuxfoundation.org/en/Device_driver_statement

Appendix C of the book "Building Embedded Linux Systems" (1st edition), published by O'Reilly, also has 11 pages dedicated to how kernel developers see the legal status of binary kernel modules. Although the mails are dated (in the time period 1999-2002) and the authors of the mails are not legal professionals, they do provide an insight into the subject.
busybox
Busybox is a program that combines a lot of functionality of programs into one, while leaving out the more advanced features of many of the GNU tools. It is the Swiss army knife of embedded Linux and nearly default on embedded Linux devices. It works by making a symlink from a program to the busybox binary. Depending on which program it is invoked as, it will behave differently.

By default not all functionality is built into busybox. At compilation time a configuration (much
Options that are disabled are set as:
# CONFIG_CHGRP is not set
This should give you a list with various function names, like:

vi_main
wc_main
wget_main
which_main
yes_main
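The point of listing the *_main symbols is that they tell you which applets are really compiled into the binary on the device, which can then be held against the .config shipped in the source tarball. The script below is an added example, not code from this guide or from busybox: it parses the "CONFIG_X=y" / "# CONFIG_X is not set" lines and the strings output, and reports applets that the shipped configuration says are disabled (or does not mention at all), which is a quick sign that the sources do not correspond to the binary. It assumes an unstripped binary (otherwise the symbol names are gone) and that an applet's option is named CONFIG_<APPLET> in upper case, which holds for most but not every applet; both the .config and the strings output here are constructed samples.

```python
import re

# Constructed sample of a shipped busybox .config (not a real vendor file).
CONFIG_SAMPLE = """\
# Busybox configuration (constructed sample)
CONFIG_CHMOD=y
# CONFIG_CHGRP is not set
CONFIG_VI=y
CONFIG_WC=y
# CONFIG_WGET is not set
CONFIG_WHICH=y
CONFIG_YES=y
CONFIG_FEATURE_VI_COLON=y
"""

# Constructed sample of `strings busybox | grep _main` output from the binary on the device.
STRINGS_SAMPLE = """\
vi_main
wc_main
wget_main
which_main
yes_main
xmalloc
"""

CONFIG_LINE = re.compile(r'^(CONFIG_\w+)=(y|m|\d+|"[^"]*")$')
NOT_SET_LINE = re.compile(r"^# (CONFIG_\w+) is not set$")


def parse_config(text):
    """Split a Kconfig-style .config into the set of enabled and the set of disabled options."""
    enabled, disabled = set(), set()
    for line in text.splitlines():
        line = line.strip()
        m = CONFIG_LINE.match(line)
        if m:
            enabled.add(m.group(1))
            continue
        m = NOT_SET_LINE.match(line)
        if m:
            disabled.add(m.group(1))
    return enabled, disabled


def applets_from_strings(text):
    """Applet names from the *_main symbols that `strings` finds in an unstripped busybox."""
    return sorted({s[:-len("_main")] for s in text.split() if s.endswith("_main") and len(s) > 5})


def config_option(applet):
    """Assumption: the busybox option for an applet is CONFIG_<APPLET> (true for most applets)."""
    return "CONFIG_" + applet.upper()


def check_config_against_binary(config_text, strings_text):
    """Compare the applets compiled into the binary with the configuration in the source tarball."""
    enabled, disabled = parse_config(config_text)
    applets = applets_from_strings(strings_text)
    return {
        "applets": applets,
        "disabled_but_present": [a for a in applets if config_option(a) in disabled],
        "not_in_config": [a for a in applets if config_option(a) not in enabled | disabled],
    }


if __name__ == "__main__":
    result = check_config_against_binary(CONFIG_SAMPLE, STRINGS_SAMPLE)
    print("applets in binary:", ", ".join(result["applets"]))
    print("disabled in shipped .config but present in binary:", result["disabled_but_present"])
    print("no option for these applets in shipped .config:", result["not_in_config"])
```

In the sample the shipped configuration has wget switched off while wget_main is present in the binary, so the .config in the tarball cannot be the one the device was built with.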
C libraries
A Linux system is not complete without the so called C library, which contains functionality every program on the system, apart from the Linux kernel itself, is using one way or another. There are two C libraries on Linux that are popular on embedded Linux systems (except Android phones): glibc and uClibc. Another C library that is sometimes (but not often) used is dietlibc. Both glibc and uClibc are LGPL licensed, while dietlibc is GPLv2 licensed. For many embedded devices sources for these libraries are missing, because the C library is often part of the so called toolchain.
Toolchain
An often overlooked part in the compliance process is the toolchain. A toolchain is the combination of a compiler, C library, header files and binutils that can translate programs written by a programmer to something a computer understands.
The compiler parses, checks and translates the source code and generates machine readable code for the platform it was told to generate code for. In most cases, that is the same platform it is running on. So, for example, on my PC I compile a program with the standard compiler that Fedora 11 ships. The output of the compilation process will be a program that can run on my PC. If I would be developing for another platform, based on the MIPS or ARM architecture (or another platform, or another operating system) I would have to instruct my compiler to generate code that will run on that platform, because programs for my Intel x86 based PC will not run on a box that uses a MIPS CPU and runs NetBSD. For this you need a special setup of compiler, plus assembler and linker (found in GNU binutils) that can generate code for a specific platform and a C library to turn it into a working executable. This is not something the standard compilers on standard Linux distributions do by default (note: toolchains are not specific for embedded devices. The combination of compiler, binutils, C library and header files on my normal PC is also a toolchain).

The task of building a cross compiler is not trivial and quite tricky to get right (it even gets a lot more fun when you try to cross compile a cross compiler). There are a lot of build environments that make it easy to build a complete development environment for a certain platform, including a proper toolchain. OpenWrt and buildroot are two popular ones, but a lot of vendors have their own build environment, which is shipped as part of a Software Development Kit (SDK). These SDKs, while containing a lot of GPL and LGPL licensed code, are often (partially) included in source distributions in binary form, or not shipped (many vendors have proprietary tools inside the toolchain and don't allow their customers to redistribute the SDK), often resulting in missing sources for the (LGPL/GPL licensed) C library.
Some vendors, such as Broadcom, have adapted the GNU Compiler Collection (GCC) and GNU binutils to take advantage of/use specific characteristics of their CPU. Without these extensions to the compiler you will never be able to create a new program and run it on a machine with code generated with that compiler (the situation might not be as black and white as I put it here, but it makes things definitely a lot harder).

It is an ongoing debate whether or not the toolchain itself should be shipped with a source tarball as part of the obligations described in the GPL. Some people say it should be, since without it it is very difficult and sometimes even impossible to build a new executable for a device without having access to the exact cross compiler that was used for building the software. Other people say that because only the result of the toolchain is distributed, the toolchain does not need to be distributed.

It is beyond any doubt that if a toolchain is available in binary form in the GPL sources for a device and it contains GPL or LGPL code (gcc, binutils, glibc, uClibc or dietlibc) the licenses should be adhered to.
Bootloaders
There are a few GPL licensed bootloaders that are popular in current embedded products. In compliance engineering these are often overlooked.

Bootloader   Platforms   Comments
                         discontinued, but still used occasionally
                         originally from eCos, modified GPL license
To find out if these bootloaders are used it is often necessary to access the device through the serial port.
Physical compliance
The physical compliance requirements various licenses have are often overlooked. Compliance engineering is not complete without an inspection of the documentation that is shipped with a device. The GPL and LGPL licenses require that a copy of the license is shipped with the device, either physically (for example, as part of the manual) or on a documentation CD-ROM. Quite often a device is not shipped with either of them, or just the GPL, even if LGPL licensed code is in use, which is the case in nearly all Linux based devices (a notable exception is Android based phones).
Compliance engineering on Microsoft Windows
Most GPL violations we know of are on embedded systems running Linux. There appear to be plenty of violations in programs that run on Microsoft Windows too. The reason that these violations are fairly unknown is that they have never been a focal point for compliance engineering, mostly due to lack of research into this area.
Common violations
A common report is of shareware programs, like CD/DVD burning programs, or music players, that are being distributed in a GPL incompliant way. The 'creators' of those programs tend to be rather immune to requests for the source code and keep happily violating the GPL and LGPL licenses.

Other reported violations are programs using parts of Cygwin, for example in management software for various expensive access points. Other common violations are using the GPL licensed versions of the Qt toolkit or XviD.

An interesting area of research for violations is in ActiveX components that are shipped with for example IP cameras or routers. The ActiveX components are on the device itself and are downloaded by the web browser from the device to get some extra functionality, such as viewing data, or controlling a camera. This is software too and it should also be checked for violations.
Tools
There are a few common archive formats for Windows executables and shared libraries. Which one is used depends on which packaging program was used.
Zipped executables
Quite often files with the '.exe' extension are in fact self-extracting executables which have been compressed using ZIP. These can easily be extracted with the 'unzip' program. After unpacking other methods can be used to further investigate the contents.
Cabinet files
A common archiving format for Windows executables is the 'cabinet archive'. A cabinet archive often has the .cab file extension. On Unix systems the "cabextract" and "unshield" tools can be used to extract these files.
MSI files
Another file format that is used a lot is the Microsoft Installer format, which can be recognized by the .msi file extension. Often you can extract the data from the MSI using the '7z' program. Sometimes this will not work and you will have to try other methods (like the one described next). Extracting a .msi file directly with cabextract will usually get you the file names, but not the content of those files.

After unpacking with 7z you will usually see a lot of files that were inside the MSI file, such as resources (pictures, help files) but also shared libraries (DLL) and cabinet archives, which can be extracted as described above.
Wine
A very useful tool to extract data from Windows installers is Wine. During installation data such as archives are written to temporary locations in the file system (C:\windows\temp\). During or after installation these archives or the binaries on the system can be easily copied to another place and analysed using one of the methods described above.
Other tools
On Windows different file formats are used than on Linux and most tools described earlier in this document to inspect binaries won't work. For example, on Linux the ELF executable format is primarily used, but on Windows the PE executable format is used. Binaries in PE format keep their data in a different form, in such a way that tools like "strings" are often not successful for extracting interesting data. A PE decompiler or disassembler would be needed to extract this information. Right now there is no free software PE disassembler that is mature and easy to use.
The contents of a file can be checked with the 'strings' program:

$ strings a_program.exe | grep cygwin
cygwin_internal
cygwin1.dll
_cygwin_crt0
__cygwin_crt0_common@8
_cygwin_premain3
_cygwin_premain2
_cygwin_premain1
_cygwin_premain0
___cygwin_crt0_bp
_cygwin_internal
_cygwin1_dll_iname
__head_cygwin1_dll
__imp__cygwin_internal

This is a clear indication that Cygwin is used.
Experiences
Experience from several years of looking through several hundreds of source archives has taught that there are a few easy targets to look for in GPL compliance. These targets can serve as a very simple litmus test for GPL compliance. One easy target is the toolchain. Often a binary only toolchain is shipped in a GPL archive, without sources. For other tools, like the ones to create an actual file system (mksquashfs with or without LZMA compression, mkfs.jffs2, genromfs, mkcramfs) the sources are missing quite often too.

Another common violation is lack of bootloader sources (if a GPL licensed bootloader is used on the device) and add-on packages which were not part of the original SDK the vendor got from upstream.

A tricky source of violations, which is hard to explain to vendors, is when "extra software" is shipped in the GPL sources that is not present on the device. It often happens that a certain software stack for a particular board is used for developing various types of devices for various vendors. Traces of different devices, with different software, can show up in the GPL sources for a device, for example in the form of a file system with precompiled binaries, that was accidentally left in. While technically not interesting if you only want to tweak the software, this is a source for license violations. It is hard to explain to vendors, because in their eyes all the software that is on the device is in the GPL tarball, in a GPL compliant way.
Appendix B: Reporting and fixing license violations
This guide presents some practical tips for solving common Free Software license compliance issues. It is not legal advice, and if in doubt, you should contact a qualified lawyer.
Reporting a violation
Be careful when reporting a violation. Accusations and suspicions voiced on public mailing lists create uncertainty and do little to solve violations. By checking your facts you can help experts resolve violations quickly.

Useful violation reports to companies about a potentially infringing product should contain:

- The name of the product affected
- The reason why a violation is believed to exist
- The name of the project code that may have been violated
- A statement regarding what licence this code is under
- A link to the project site

Useful violation reports to organisations like gpl-violations.org or the FTF should contain:

- The name of the project code that may have been violated
- A statement regarding what licence this code is under
- A link to the project site
- The name and website of the party who may be violating the code
- The reason why a violation is believed to exist

Additional tips:

- Please do not forward long email threads. They make it difficult to assess the situation.
- If you have clear evidence of a violation it is a good idea to tell the copyright holders. They can take legal action if necessary.

You can send violation reports to:

- gpl-violations.org: license-violation@gpl-violations.org
- FSFE's Freedom Task Force: ftf@fsfeurope.org
Handling a violation report
It is important to handle violation reports carefully. Free Software development focuses on community engagement and clear communication. That means it is important to respond to issues reported, even if your reply is initially brief. This helps prevent escalation.

Here are some useful steps:

- Confirm you have received any reports sent in and inform the reporter you are looking into the case
- If the report was made on a public forum try to move the discussion to a non-public space as soon as possible
- Isolate the precise problem. If you don't already have the information, ask the reporter for:
  - The name of the product affected or the exact code causing a problem
  - The reason why a violation is believed to exist
  - The name of the project code that may have been violated
  - A statement regarding what licence this code is under
  - A link to the project site
- Send updates to the reporter when they are available

Please bear in mind:

- Not every reporter understands licences fully and there may be mistakes in their submissions
- Compliance with the terms of the licences is not optional and lack of compliance can have serious consequences
- You can hire compliance engineers or purchase compliance services from third parties if necessary

You can get more information about best practice in this field by contacting:

- FSFE's Freedom Task Force: ftf@fsfeurope.org

You can obtain compliance engineering support by contacting:

- Loohuis Consulting: http://www.loohuisconsulting.nl/GPL/
Preventing a violation
The best way to fix violations is to prevent them occurring.

Useful tips:

Useful tips for supply chain management:

For more information you can contact:

- gpl-violations.org: legal@lists.gpl-violations.org
- FSFE's Freedom Task Force: ftf@fsfeurope.org
Copyright note
This appendix: copyright (c) 2008 Armijn Hemel, Shane Coughlan. This work is available under the Creative Commons Attribution-No Derivative Works 3.0 Unported licence.
Appendix C: Commercial compliance engineering
This documentation was made by Armijn Hemel at Loohuis Consulting, while doing research for gpl-violations.org.

Loohuis Consulting is specialized in tailor-made hosting, development, training and consultancy.

Loohuis Consulting is one of the few companies in the world to offer GPL compliance engineering as a service. The increased use of Free Software requires an understanding of the licenses in use as well as best practice in deployment, deployment processes and compliance. Loohuis Consulting employees have practical experience in this field, especially with regards to embedded devices.

Loohuis Consulting is also one of the leading experts on Universal Plug and Play security. Our employees are pioneers in undertaking security audits on devices using Universal Plug and Play and have written award-winning papers and given numerous presentations on the subject.

For more information please visit the Loohuis Consulting website: http://www.loohuisconsulting.nl/