13 Replies Latest reply on Mar 24, 2017 5:42 PM by Alfonso Vicente

    It is illegal to unwrap the APEX code for educational purposes ?

    user12242205

      I know I CAN unwrap the APEX code, so this is not a technical question.

       

      I've readed the Oracle Database 11 g Express Edition License Agreement, and I'm remain confused about this specific question. As far as I understand, there is no legal restriction in analyze the PL/SQL objects that are not wrapped (i.e. in clear code). With the wrapped ones, considering that the wrap is a way of encoding (like base64, but more complicated) that admits decoding, I can think that decoding not apply for "reverse engineering or decompilation of the programs". On the other hand, while that "programs" are in a relational database, are not just code, but data too, and I can think I should have right to see all the data stored in my database, including the data stored in the catalog.

       

      In short, if I unwrap the APEX code for educate myself, am I doing something illegal ? and if the response is yes, what agreement exactly am I violating ?

       

      Thanks in advance

       

      Regards,

      Alfonso Vicente

        • 1. Re: It is illegal to unwrap the APEX code for educational purposes ?
          fac586

          user12242205 wrote:

          Update your forum profile with a recognizable username instead of "user12242205": Video tutorial how to change nickname available

          I've readed the Oracle Database 11 g Express Edition License Agreement, and I'm remain confused about this specific question. As far as I understand, there is no legal restriction in analyze the PL/SQL objects that are not wrapped (i.e. in clear code). With the wrapped ones, considering that the wrap is a way of encoding (like base64, but more complicated) that admits decoding, I can think that decoding not apply for "reverse engineering or decompilation of the programs". On the other hand, while that "programs" are in a relational database, are not just code, but data too, and I can think I should have right to see all the data stored in my database, including the data stored in the catalog.

           

          In short, if I unwrap the APEX code for educate myself, am I doing something illegal ?

          According to my reading (I am not a lawyer) of the APEX license agreement, then yes, you would be.

          and if the response is yes, what agreement exactly am I violating ?

          At least the clauses highlighted below:

          License Rights       

                    
          We grant you a nonexclusive, nontransferable limited license to use the programs solely for your internal business operations subject to the terms of this agreement and the license grants and restrictions set forth with your licensing of such Oracle database programs. We also grant you a nonexclusive, nontransferable limited license to use the programs for purposes of developing your applications. This agreement does not grant any rights or licenses to Oracle database programs. If you want to use the programs for any purpose other than as expressly permitted under this agreement you must contact us, or an Oracle reseller, to obtain the appropriate license. We may audit your use of the programs. Program documentation is either shipped with the programs, or documentation may accessed online at http://www.oracle.com/technetwork/indexes/documentation/index.html.

           

          Ownership and Restrictions                  

           

          We retain all ownership and intellectual property rights in the programs. You may make a sufficient number of copies of the programs for the licensed use and one copy of the programs for backup purposes.

           

          You may not:

           

          • use the programs for any purpose other than as provided above;
          • remove or modify any program markings or any notice of our proprietary rights;
          • assign this agreement or give the programs, program access or an interest in the programs to any individual or entity except as provided under this agreement;
          • cause or permit reverse engineering (unless required by law for interoperability), disassembly or decompilation of the programs;
          • disclose results of any program benchmark tests without our prior consent; or,
          • use any Oracle name, trademark or logo.
          • 2. Re: It is illegal to unwrap the APEX code for educational purposes ?
            user12242205

            Thanks for the quick response... I've readed that, in fact, I've argued explicitly:

             

            considering that the wrap is a way of encoding (like base64, but more complicated) that admits decoding, I can think that decoding not apply for "reverse engineering or decompilation of the programs"

             

            Let me explain better:

            • Reverse engineering is when someone is trying to break a one-way process. The wrap is a two-way (code/decode) process by design. I think that not apply, for the same reason I don't think I'm doing reverse engineering when I decode a base64 coded text
            • Decompilation does not apply, because the wrapped is not a form of compilation

             

            Maybe the response is difficult, because there are no definitions of that terms in the agreement itself. That sentence was copied from the agreement of the Database (for example) and I guess the spirit of the sentence is to protect the binaries. The term "disassembly" was introduced, is not present for example in the Database 11g Express Edition (that comes with APEX), so if the unwrap is a way of disassembly, I cannot unwrap the APEX code if I've accepted the agreement you mention, but yes if I've accepted the agreement of the Database 11g Express Edition

             

            I believe is a question for a lawyer, or maybe the APEX product manager

            • 3. Re: It is illegal to unwrap the APEX code for educational purposes ?
              TexasApexDeveloper

              WHy would you think Oracle would allow you to decompile the APEX package for your own usage?  To me it is a pretty simple question/answer.. If you do this and get acught by Oracle, you will probably need to start looking at Microsoft development tools..

               

              Thank you,

               

              Tony Miller

              Los Alamos, NM

              • 4. Re: It is illegal to unwrap the APEX code for educational purposes ?
                fac586

                user12242205 wrote:

                 

                Thanks for the quick response... I've readed that, in fact, I've argued explicitly:

                 

                considering that the wrap is a way of encoding (like base64, but more complicated) that admits decoding, I can think that decoding not apply for "reverse engineering or decompilation of the programs"

                 

                Let me explain better:

                • Reverse engineering is when someone is trying to break a one-way process. The wrap is a two-way (code/decode) process by design. I think that not apply, for the same reason I don't think I'm doing reverse engineering when I decode a base64 coded text
                • Decompilation does not apply, because the wrapped is not a form of compilation

                 

                Maybe the response is difficult, because there are no definitions of that terms in the agreement itself. That sentence was copied from the agreement of the Database (for example) and I guess the spirit of the sentence is to protect the binaries. The term "disassembly" was introduced, is not present for example in the Database 11g Express Edition (that comes with APEX), so if the unwrap is a way of disassembly, I cannot unwrap the APEX code if I've accepted the agreement you mention, but yes if I've accepted the agreement of the Database 11g Express Edition

                A legal argument could run thus: As supplied, Oracle have engineered the packages to be wrapped, unwrapping them reverses this, therefore reverse engineering has occurred. QED.

                 

                What exactly do you expect to gain from doing this? I'm an Application Express Developer Certified Expert and currently the top contributor on this forum. I have not found it necessary to unwrap and examine any APEX or database packages in order to achieve this level of expertise. I find it more than challenging enough to maintain proficiency in the skills and technologies required to be a good database/APEX developer—relational modelling, physical database design, SQL, PL/SQL, APEX, HTML, CSS, JavaScript etc—without delving into APEX internals that you cannot influence, modify, or reliably utilise in a production context. These can and will change without notice, rendering such knowledge redundant, and applications dependent upon it potentially inoperable or not upgradeable.

                 

                Over the years I've seen a lot of (plainly visible) SQL and PL/SQL developed by Oracle in APEX, APEX packaged apps, eBusiness Suite, and bespoke applications. Much of it is quite unremarkable (or worse). Personally I've learned much more from the published documentation; books and articles by the likes of Tom Kyte, Steven Feuerstein, and Jonathan Lewis; and my own and others efforts here on OTN.

                • 5. Re: It is illegal to unwrap the APEX code for educational purposes ?
                  TexasApexDeveloper

                  Yea, What He Said, Only Double.....

                   

                  Thank you,

                   

                  Tony Miller

                  Los Alamos, NM

                  • 6. Re: It is illegal to unwrap the APEX code for educational purposes ?
                    mark123

                    "What exactly do you expect to gain from doing this? I'm an Application Express Developer Certified Expert and currently the top contributor on this forum. I have not found it necessary to unwrap and examine any APEX or database packages in order to achieve this level of expertise."

                     

                    Maybe he's hoping for a contract with NSA ? 

                     

                    But now  you've got me wondering if a PL/SQL  package wrapped on an Oracle database runs on DB2...

                     

                    Anyway, its obvious no-one  should reverse engineer stuff and I'm certain that people don't do that sort of thing  because its probably illegal. Just not sure how  anyone would know  - unless they mentioned it on a forum of course.

                    • 7. Re: It is illegal to unwrap the APEX code for educational purposes ?
                      Pavel_p

                      Hi Paul,

                      with all due respect, there are some arguable parts in your previous response. In my opinion the source code is the best "documentation" and in some circumstances it can save a lot of time if there is a possibility to read it. Documentation can be obsolete, completely wrong, missing...whatever and the only thing that really matters is the code. I'm not saying it should be the main source of learning/inspiration but there are cases when you desperately need to know what's happening under the hood.

                      My own "real world" two examples:

                      1) Re: STRING_TO_TABLE/TABLE_TO_STRING strange colon handling (would be great if anybody from the dev team could shed some light...) It took more than 10 days from my original suspicion that something strange is happening inside the package to create a showcase and to get a response from the development team. Reading the source instead would probably take 30 minutes. Actually this time I was lucky because not all such questions are answered.

                      2) utl_http.resp reason_phrase equivalent in apex_web_service This time I was not that lucky to pique someone's interest and simply unwrap the package was really tempting. Well, I just let it go and keep the original code using utl_http. Again, I would expect that the answer would be clear in a short time if I could simply read the source.

                      So quite simple answer to your question "What exactly do you expect to gain from doing this?" could be: save time ...and nerves sometimes.

                      Regards,

                      Pavel

                      • 8. Re: It is illegal to unwrap the APEX code for educational purposes ?
                        Alfonso Vicente

                        Thanks Pavel, there are very good points. I just can add "research". To know exactly what each procedure do, what data are inserted/updated in which tables, can let us to develop custom reports, automatic tools to detect changes, or maybe alerts that verify if there are new interoperability dependencies not reflected in an external CMDB ... for example. All of these READ ONLY extensions can be developed just with some knowledge that are difficult to be obtained from de docs

                         

                        In any case, the objective does'n matter, it can be just "curiosity"... because a good (morally good) objective does not turn the illegal in legal

                         

                        In my opinion, there is strictly a semantic/legal question, because the terms like "reverse engineering" or "disassemble" are not defined, and specifically, that not include unwrap. I can argue wrap is just a way of encoding, and decoding is not "reverse engineering"

                         

                        Pete Finnigan sayed that he is not sure if that is legal or not

                         

                        There are any Oracle official position ?

                        • 9. Re: It is illegal to unwrap the APEX code for educational purposes ?
                          Mike Kutz

                          Alfonso Vicente wrote:

                           

                          Thanks Pavel, there are very good points. I just can add "research". To know exactly what each procedure do, what data are inserted/updated in which tables, ....

                          Don't waste your time attempting to create enhanced features on APEX based on their internal code.

                           

                          True story:

                          Fact: APEX's implementation of Apache FOP is limited to the usage of XSLT-1.0. (at least with 4.2)

                          Fact: XSLT-2.0 allows you to create Graphs --- and barcodes -- as part of the template.  Possibly other things that XSLT-1.0 can't do.

                           

                          With my expertise, I was able to create a "Server" to be used for an "External (Apache FOP)" printer that could support XSLT-2.0 (it was for APEX 4.2)

                           

                          However, as soon as I applied a necessary APEX patch, my "server" broke (ie - it no longer worked)

                          The patch caused a version change similar to going From 4.2.0.4.1234 To 4.2.0.4.5432

                           

                          In other words, a simple patch can cause all of your "fancy code" to become null and void.

                           

                          Note - I have not tried to repeat my efforts with APEX 5.x

                           

                          you have been warned.

                           

                          MK

                          • 10. Re: It is illegal to unwrap the APEX code for educational purposes ?
                            Pavel_p

                            There are any Oracle official position ?

                            I think the official position is pretty obvious and one does not have to be a lawyer to understand it. Common sense says that if they wanted us to read the source, they would have left it unwrapped with plenty of comments (it would be nice though). Unfortunately it's wrapped and there is very little we can do about it. Unwrapping seems to be at least "dancing on thin ice".

                            As Mike pointed out, developing tools based on undocumented internal APEX features can be pretty time consuming and fixing it on every new release looks like a waste of time. In my opinion porting your own apps that strictly use only documented features and APIs to every new APEX version provides enough "fun".

                            • 11. Re: It is illegal to unwrap the APEX code for educational purposes ?
                              Alfonso Vicente

                              I understand your point, and Mike's and the others, the technical/methodologic issue is clear, is a very bad idea

                               

                              What I want to know, beyond the common sense, is if I have right to unwrap, althought it can be a very bad idea

                               

                              Oracle has never writed an explicit sentence like "you cannot unwrap the APEX code". Why ? Since Pete Finnigan and many others unveiled the wrap internals, that question has been formulated many times. No oficial response. I suspect that they simply cannot write that sentence (for any reason... I am not a lawyer... but laws and common sense don't follow the same logic). If this was the case, and Oracle cannot write that sentence, then we legally can do it.

                               

                              I suspect (again, just suspect) that as PL/SQL is based in DIANA, and the way of wrapping is clearly a two-way method by design, and maybe any DIANA agreement can apply, Oracle has that problem

                               

                              Any thoughts on this point ?

                               

                              PS: Sorry for my english, maybe my poor writting makes difficult to understand me

                              • 12. Re: It is illegal to unwrap the APEX code for educational purposes ?
                                Mike Kutz

                                Alfonso Vicente wrote: [Post #8]

                                 

                                Thanks Pavel, there are very good points. I just can add "research". To know exactly what each procedure do, what data are inserted/updated in which tables, can let us to develop custom reports, automatic tools to detect changes, or maybe alerts that verify if there are new interoperability dependencies not reflected in an external CMDB ... for example. All of these READ ONLY extensions can be developed just with some knowledge that are difficult to be obtained from de docs

                                 

                                 

                                 

                                Alfonso Vicente wrote: [Post #11]

                                 

                                I understand your point, and Mike's and the others, the technical/methodologic issue is clear, is a very bad idea

                                 

                                What I want to know, beyond the common sense, is if I have right to unwrap, althought it can be a very bad idea

                                 

                                Oracle has never writed an explicit sentence like "you cannot unwrap the APEX code". Why ? Since Pete Finnigan and many others unveiled the wrap internals, that question has been formulated many times. No oficial response. I suspect that they simply cannot write that sentence (for any reason... I am not a lawyer... but laws and common sense don't follow the same logic). If this was the case, and Oracle cannot write that sentence, then we legally can do it.

                                 

                                I suspect (again, just suspect) that as PL/SQL is based in DIANA, and the way of wrapping is clearly a two-way method by design, and maybe any DIANA agreement can apply, Oracle has that problem

                                 

                                Any thoughts on this point ?

                                 

                                 

                                 

                                Current title is

                                It is illegal to unwrap the APEX code for educational purposes ?

                                 

                                Alfonso Vicente wrote: [Post #8]

                                 

                                Thanks Pavel, there are very good points. I just can add "research". To know exactly what each procedure do, what data are inserted/updated in which tables, can let us to develop custom reports, automatic tools to detect changes, or maybe alerts that verify if there are new interoperability dependencies not reflected in an external CMDB ... for example. All of these READ ONLY extensions can be developed just with some knowledge that are difficult to be obtained from de docs

                                 

                                MY CURRENT THOUGHT:

                                If you have to correct the title to your thread to become "legal", then, common sense says "you are trying to doing something illegal in a legal manner" (ie find a loop hole).

                                 

                                FINAL THOUGHT ON THIS MATTER

                                 

                                All licensing questions should be forwarded to your local friendly oracle sales representative.

                                 

                                This includes questions about  a License Agreements for one of their products.  (eg Oracle Application Express [APEX])

                                 

                                MK

                                • 13. Re: It is illegal to unwrap the APEX code for educational purposes ?
                                  Alfonso Vicente

                                  MK, thanks for your effort

                                   

                                  The law is normative, as far as I understand there is no way to do something illegal in a legal manner. Everything that the law does not prohibit, we are permitted to do. I want to do something, and trying to know if there is illegal before of do it

                                   

                                  I could contact my local friendly oracle sales representative or not, depending on whether I have one. I have one, but I thought that getting a final, official, public answer on this matter could help many others who may have the same question.

                                   

                                  With this silence, I'm confirming that there is no way of get that final, official, public answer.