1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
|
%include "default.mgp"
%default 1 bgrad
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
%nodefault
%back "blue"
%center
%size 7
GPL Workshop
How to (not?) use Free Software
%center
%size 4
by
Harald Welte <laforge@gpl-violations.org>
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
How to (not) use GPL Software
Contents
About the speaker
Ideas / Goals of the GPL
How to (not) use GPL Software
Complete Source Code
Derivative Works
Collective Works
GPL and Embedded Systems
The biggest GPL Myths
Thanks
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
How to (not) use GPL Software
Introduction
Who is speaking to you?
an independent Free Software developer
who earns his living off Free Software since 1997
who is one of the authors of the Linux kernel firewall system called netfilter/iptables
who has started gpl-violations.org to enforce license compliance
who IS NOT A LAWYER
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
How to (not) use GPL Software
Disclaimer
Legal Disclaimer
All information presented here is provided on an as-is basis
There is no warranty for correctness of legal information
The author is not a lawyer
This does not comprise legal advise
The authors' experience is limited to German copyright law
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
How to (not) use GPL Software
Ideas and Goals of the GNU GPL
Free Software
Software that has fundamental freedoms:
to use it for any purpose
to "help your neighbour" (i.e. make copies)
to study it's functionality (reading source code)
to fix it myself (make modifications and run them)
Copyleft
Is the legal idea to
exercising copyright to grant the above freedoms
assure that nobody can take away the freedom
The GNU General Public License
Is a legal instrument to apply they copyleft idea on software
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
How to (not) use GPL Software
The GNU GPL revisited
Revisiting the GNU General Public License
Regulates distribution of copyrighted code, not usage
Allows distribution of source code and modified source code
The license itself is mentioned
A copy of the license accompanies every copy
Allows distribution of binaries or modified binaries, if
The license itself is mentioned
A copy of the license accompanies every copy
The complete source code is either included with the copy (alternatively a written offer to send the source code on request to any 3rd party)
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
How to (not) use GPL Software
Complete Source Code
%size 3
"... complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable."
For standard C-language programs, this means:
Source Code
Makefiles
compile-time Configuration (such as kernel .config)
General Rule:
Intent of License is to enable user to run modified versions of the program. They need to be enabled to do so.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
How to (not) use GPL Software
Derivative Works
What is a derivative work?
Not dependent on any particular kind of technology (static/dynamic linking, dlopen, whatever)
Even while the modification can itself be a copyrightable work, the combination with GPL-licensed code is subject to GPL.
As soon as code is written for a specific non-standard API (such as the iptables plugin API), there is significant indication for a derivative work
This position has been successfully enforced out-of-court with two Vendors so far (iptables modules/plugins).
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
How to (not) use GPL Software
Derivative Works
Binary-only kernel modules
In-kernel proprietary code (binary kernel modules) are hard to claim GPL compliant
Case-by-case analysis required, as the level of integration into the GPL licensed kernel code depends on particular case
IBM is in the process of getting rid of all binary-only kernel modules. There are exceptions, but they are very clear ones (such as a filesystem port to linux, where the filesystem code already existed under another OS)
There is no general acceptance or tolerance to binary-only kernel modules in the Linux (development) community. Not even Linus himself has ever granted an exception for such modules!
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
How to (not) use GPL Software
Derivative Works
Glue Code
Acts as glue layer between GPL licensed code and proprietary code
Some Vendors think they can avoid the GPL by doing so
Is definitely not a bullet-proof legal solution, especially when it is clearly visible that the only purpose of this glue code is to "get rid" of the GPL.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
How to (not) use GPL Software
Derivative Works
Moral Issues
Apart from what is legally possible, there are moral issues
Even if in a particular case there is no legal way to claim a binary-only kernel module is a derivative work, you might still be acting against the authors' wishes
By shipping binary-only kernel modules, you violate the "moral code of conduct" of the Free Software community
But it is the work of this very community that enables you to build your product based on Free Software
Such action might have long-term detrimental effects on the motivation of FOSS developers (dissatisfaction, demotivation, ...)
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
How to (not) use GPL Software
Collective Works
%size 3
"... it is not the intent .. to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works ..."
GPL controls "collective works"
%size 3
"... mere aggregation of another work ... with the program on a volume of a storage or distribution medium does not bring the other work und the scope of this license"
GPL allows "mere aggregation"
like a general-porpose GNU/Linux distribution (SuSE, Red Hat, ...)
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
How to (not) use GPL Software
GPL And Embedded Systems
Historical background:
The GPL was written for userspace programs running on existing operating systems
Covering a whole OS (and even userspace programs) is not an ideal match, but if you read it carefully it still makes sense
Toolchain:
%size 3
"... the source code distributed need not include anything that is normally
distributed (in either source or binary form) with the major components
(compiler, kernel, and so on) of the operating system on which the executable
runs, unless that component itself accompanies the executable."
Practical case:
You've modified gcc for a specific embedded platform
Therefore, this gcc is not "normally distributed with the operating system" and you have to distribute it together with the source code
gcc itself is covered under GPL, so you need to provide binaries and source code(!)
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
How to (not) use GPL Software
GPL And Embedded Systems
The "Scripts"
(scripts to control compilation and installation, see earlier slide)
In case of embedded hardware, the "scripts" include:
Tools for generating the firmware binary from the source (even if they are technically no 'scripts')
Embedded DRM
Intent of License is to enable user to run modified versions of the program. They need to be enabled to do so.
Result: Signing binaries and only accepting signed versions from the bootloader (without providing the signature key or a possibility to set a new key in the bootloader) is not acceptable!
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
How to (not) use GPL Software
Practical Source Code Offer
Some Rules
The "complete corresponding source code" has to be made available
It has to be made available for each and every object-code version that was distributed
If you strip down the source code offer (e.g. remove proprietary source code), try to see whether the result actually compiles
If the product is mixed free / proprietary software, consider including the proprietary parts (as object code) in the "source code package", so the full firmware image can be rebuilt without having to tear apart an existing image and ripping out those proprietary programs from there.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
How to (not) use GPL Software
The biggest myths about the GPL
The biggest myths about the GPL
The GPL is not enforcible
Software licensed under GPL has no copyright
Unmodified distribution does not require source code availability
The vendor can wait for a source code request (without offering it)
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
How to (not) use GPL Software
The most common mistakes
The most common mistakes
not even once reading the GPL text and/or the FAQ from the FSF
not including the GPL license text with the product
not including a written offer with the product
not considering that the GPL also applies to software updates
only providing original source code (e.g. vanilla kernel.org kernel)
not including the "scripts to control installation"
only providing off-site hyperlinks to license and/ore source code
not responding to support requests for source code
charging rediculously high fees for physical shipping of source code
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
How to (not) use GPL Software
License Compatibility
There's lots of Free Software available
Different Software uses different Licenses:
Linux: GPL
glibc: LGPL
apache: Apache Software License
Perl: Artistic
ucd-snmp: BSD
If you combine (i.e. link) differently-licensed software,
check license compatibility
in case of doubt, ask legal person and/or contact software authors
authors might give you an exception or consider making licenses compatible
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
How to (not) use GPL Software
Dual Licensing
The copyright holder (often the original author) can provide alternative licensing
Some projects do this as a business model (reiserfs, MySQL)
In some projects it's impossible due to the extremely distributed copyright (e.g. Linux kernel)
However, in smaller projects it never hurts to ask whether there would be interest in providing an alternative (non-copyleft) licensing
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
The GNU GPL Revisited
GPL Violations
When do I violate the license
when one ore more of the obligations are not fulfilled
What risk do I take if I violate the license?
the GPL automatically revokes any usage right
any copyright holder can obtain a preliminary injunction banning distribution of the infringing product
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
GNU GPL - Copyright helps Copyleft
Past GPL enforcement
Past GPL enforcement
GPL violations are nothing new, as GPL licensed software is nothing new.
However, the recent GNU/Linux hype made GPL licensed software used more often
The FSF enforces GPL violations of code on which they hold the copyright
silently, without public notice
in lengthy negotiations
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
GNU GPL - Copyright helps Copyleft
The Linksys case
During 2003 the "Linksys" case drew a lot of attention
Linksys was selling 802.11 WLAN Acces Ponts / Routers
Lots of GPL licensed software embedded in the device (included Linux, uClibc, busybox, iptables, ...)
FSF led alliance took the usual "quiet" approach
Linksys bought itself a lot of time
Some source code was released two months later
About four months later, full GPL compliance was achieved
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
GNU GPL - Copyright helps Copyleft
The Linksys case
Some developers didn't agree with this approach
not enough publicity
violators don't loose anything by first not complying and wait for the FSF
four months delay is too much for low product lifecycles in WLAN world
The netfilter/iptables project started to do their own enforcement in more cases that were coming up
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
GNU GPL - Copyright helps Copyleft
Enforcement case timeline
In chronological order
some user sends us a note he found our code somewhere
reverse engineering of firmware images
test purchase to verify device ships gpl-incompliant
sending the infringing organization a warning notice
wait for them to sign a statement to cease and desist
if no statement is signed
contract technical expert to do a study
apply for a preliminary injunction
if statement was signed
try to work out the details
grace period for boxes in stock possible
try to indicate that a donation would be good PR
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
GNU GPL - Copyright helps Copyleft
Sucess so far
Success so far
amicable agreements with a number (35+) of companies
some of which made significant donations to charitable organizations of the free software community
preliminary injunction against Sitecom, Sitecom also lost appeals case
court decision of munich district court in Sitecom appeals case
three more preliminary injunctions
more settled cases (not public yet)
negotiating in more cases
public awareness
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
GNU GPL - Copyright helps Copyleft
Cases so far (1/3)
Allnet GmbH
Siemens AG
Fujitsu-Siemens Computers GmbH
Axis A.B.
Securepoint GmbH
U.S.Robotics Germany GmbH
Netgear GmbH
Belkin Compnents GmbH
Asus GmbH
Gateprotect GmbH
Sitecom GmbH / B.V.
TomTom B.V.
Gigabyte Technologies GmbH
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
GNU GPL - Copyright helps Copyleft
Cases so far (2/3)
Sun Deutschland GmbH
Open-E GmbH
Siemens AG (second case)
Deutsche Telekom AG
Hitachi Inc.
Tecom Inc.
ARP Datacon GmbH
Conceptronic B.V.
D-Link GmbH
Adaptec Deutschland GmbH
Belkin Compnents GmbH (second case)
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
GNU GPL - Copyright helps Copyleft
Cases so far (3/3)
Siemens AG (third case)
TARGA GmbH
Medion AG
naviflash GmbH
Maxtor Inc.
Cisco Deutschland GmbH
Fortinet
naviflash GmbH
iRiver Europe GmbH
Cisco Deutschland GmbH (second case)
Acer Deutschland GmbH
SMC Networks GmbH
>= 100 more not public
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
GNU GPL - Copyright helps Copyleft
What we've learned
Copyleft-style licenses can be enforced!
A lot of companies don't take Free Software licenses seriously
Even corporations with large legal departments who should know
Reasons unclear, probably the financial risk of infringement was considered less than the expected gains
The FUD spread about "GPL not holding up in court" has disappeared
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
GNU GPL - Copyright helps Copyleft
Future GPL Enforcement
GPL Enforcement
remains an important issue for Free Software
will start to happen within the court more often
has to be made public in order to raise awareness
will probably happen within some form of organization
talks have started with the FSF Europe
What about Copylefted Content (Creative Commons)
probably just a matter of time until CC-licensed works of art are infringed
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
GNU GPL - Copyright helps Copyleft
Problems of GPL Enforcement
Problems
distributed copyright
is an important safeguard
can make enforcement difficult, since copyright traditionally doesn't know cases with thousands of copyright holders
distribution of damages extremely difficult
the legal issue of having to do reverse engineering in order to prove copyright infringement(!)
only the copyright holder (in most cases the author) can do it
users discovering GPL'd software need to communicate those issues to all entitled parties (copyright holders)
infringers obfuscating and/or encrypting fres software as disguise
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
GNU GPL - Copyright helps Copyleft
gpl-violations.org
The http://www.gpl-violations.org/ project was started ~ 3 year ago
as a platform wher users can report alleged violations
to verify those violations and inform all copyright holders
to inform the public about ongoing enforcement efforts
At the moment, project is only backed by the author
more volunteers needed to investigate all cases
something like 270 reported (alleged) violations backlog
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
GNU GPL - Copyright helps Copyleft
Make later enforcement easy
Practical rules for proof by reverse engineering
Don't fix typos in error messages and symbol names
Leave obscure error messages like 'Rusty needs more caffeine'
Make binary contain string of copyright message, not only source
Practical rules for potential damages claims
Use revision control system
Document source of each copyrightable contribution
Name+Email address in CVS commit message
Consider something like FSFE FLA (Fiduciary License Agreement)
Make sure that employers are fine with contributions of their employees
If you find out about violation
Don't make it public (has to be new/urgent for injunctive relief)
Contact lawyer immediately to send wanrning notice
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
How to find GPL violations
Finding GPL violations
Finding GPL violations in embedded systems
Software based reverse engineering techniques
Analyze firmware update files
Exploit security bugs in firmware
Use existing "backdoors"
Hardware based reverse engineering techniques
Take actual board apart, note major components
Find + use JTAG testpads
Find + use serial console
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
How to find GPL violations
Finding GPL violations
Software based reverse enigneering
Analyzing firmware update files
Typically very easy, you don't even need the device to start with
Firmware updates available on the internet
Start with hex-editor, 'strings' and some pattern-matching
Find magic numbers of kernel image, cramfs/jffs2 rootfs image
extract kernel and/or rootfs by very easy means (dd, gzip/bzip2, ...)
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
How to find GPL violations
Finding GPL violations
Software based reverse enigneering
Exploit security bugs in firmware
Typical embedded system vendor has
zero clue about Linux
zero clue about Security
ages old software versions
Therefore, very easy to exploit years-old security problems
buffer overflows, stack smashing
HTTP UI scripting problems (quoting problems)
Goal
to get a [root] shell on the affected device
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
How to find GPL violations
Finding GPL violations
Software based reverse enigneering
Use existing "backdoors"
Sometimes, devices have existing backdoors from R&D
e.g. special undocumented command in telnet or SSH UI for getting a shell
very device-specific, no generic rule how to find it
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
How to find GPL violations
Hardware based reverse engineering
Hardware based reverse engineering
almost always successful
amount of work differs from device to device
see the next slides for an example
BTW: the device in question is NOT a GPL violation
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
How to find GPL violations
Take hardware apart
Opening the case and void your warranty
%image "x800_backside_nobat_nocover.jpg"
Note the convenient test pads beneath the battery
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
How to find GPL violations
Take hardware apart
Opening the case
%image "x800_opening_the_case.jpg" 800x600
If you have a bit of experience in taking apart devices, you can do that without any damage...
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
How to find GPL violations
Take hardware apart
The Mainboard with all its shielding covers
%image "x800_mainboard_with_shielding.jpg" 800x600
Obvoiusly, the shielding needs to go
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
How to find GPL violations
Take hardware apart
The application processor section
%image "x800_application_processor.jpg"
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
How to find GPL violations
Take hardware apart
The HSDPA modem section
%image "x800_hsdpa_modem.jpg"
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
How to find GPL violations
Take hardware apart
The backside
%image "x800_backside_with_lcm.jpg"
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
How to find GPL violations
JTAG pins
JTAG is a very useful interface
boundary scan (EXTEST + INTEST)
ARM Integrated Debug Macrocell
Find + use JTAG testpads
look for suspicious testpads on PCB
tracing PCB traces impossible at 8-layer PCB
trial + error
sometimes you might find schematics ;)
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
How to find GPL violations
JTAG pins
Find + use JTAG testpads
%image "e680_jtag.jpg"
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
How to find GPL violations
JTAG pins
Find + use JTAG testpads
JTAG is basically a long shift register
Input, Output, Clock (TDI, TDO, TCK)
Therefore, you can try to shift data in and check if/where it comes out
Automatized JTAG search by project "jtagfinder" by Hunz (German CCC member)
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
How to find GPL violations
JTAG pins
Find + use JTAG testpads
%image "x800_dbgconn_closeup.jpg"
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
How to find GPL violations
JTAG pins
Find + use JTAG testpads
%image "x800_debcon_pcb.jpg"
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
How to find GPL violations
JTAG pins
Find + use JTAG testpads
%image "x800_jtagfinder_probes.jpg"
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
How to find GPL violations
JTAG pins
Find + use JTAG testpads
%image "x800_jtagfinder.jpg"
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
How to find GPL violations
JTAG pins
Found JTAG pins
Chain 1
Samsung S3C2442 Application Processor
Has standard ARM JTAG ICE
Chain 2
CPLD programming interface
Remaining work
find the nTRST and nSRST pins
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
How to find GPL violations
Serial console
How to find the serial console
Just run some code that you think writes to it
Use a Scope to find typical patterns of a serial port
I haven't actually done (or needed) this on the glofiish yet, but on many other devices
RxD pin is harder to find, just trial+error usually works as soon as you have some interactive prompt that echo's the characters you write
Don't forget to add level shifter from 3.3/5V to RS232 levels
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
GNU GPL - Copyright helps Copyleft
The End
%size 4
Further reading:
%size 4
The http://gpl-violations.org/ project
%size 4
The Free Software Foundation http://www.fsf.org/, http://www.fsf-europe.org/
%size 4
The GNU Project http://www.gnu.org/
%size 4
The netfilter homepage http://www.netfilter.org/
%% http://management.itmanagersjournal.com/management/04/05/31/1733229.shtml?tid=85&tid=4
|
