Bruno Kerouanton

Last march, there was an information that saddened most retro-engineers (aka reversers) and professional developers (at least those developing low-level software such as drivers) : After 20 years of existence, the famous Ring-0 debugger SoftIce had been discontinued.

Sad enough to remember that this was not only the best ring-0 debugger, but also the only one except the Kernel Debugger from Microsoft, that is far less friendly, and only runs under Windows.

Now, it seems that most kernel/drivers developpers have started to switch back to the Kernel Debugger. Being less convenient and unable to load all the excellent plugins that were developped during all those years by famous and good developers/reversers, it is really sad…

Hopefully, there is a new Ring0 debugger arising called “RR0D“, acronym for Rasta Ring0 Debugger. Made by nice guys from France, it seems to be a real alternative. As an example, this debugger was really helpful to reverse the Skype binary, with all its caveats and anti-debugging tricks (note that this exercise was a good way to enhance RR0D, since it was its done by its author itself !).

For people who don’t know exactly what stakes are concerning those debugger stories, let me explain the whole story.

Back into the 90’s, computers were running using different processor families, among those the Zilog Z80s, Motorola’s 65xx, 68xx, 68xxx, and PowerPC, and on the other side the Intel’s i3×6 family. Of course there were additional less known processors such as Sun Sparc or Dec Alpha, but the majority of computers were using chips from three companies.

At this time, there were also many low-level software developement tools for all those computers, because the hardware resources were quite low compared to now, and because it was more common to use assembly language than high-level languages to develop. As an example, I was a Devpac/MonST/Adebug expert on Atari ST lonce ago… But like dinosaurs, all those computers disapeared, and with them all those great tools.

With the development of the PC and Windows that were only running on Intel processors, that weakened the other electronics companies. Apple’s exclusive use of 68xxx and PowerPCs was helping Motorola and IBM on this processor market. But Intel was finally the real winner of the game with last year’s decision of Apple to withdraw from the market computers that were not using Intel chips. That leaves us with only *one* chip manufacturer for our IT industry… (well there are small other companies, such as ARM that was bought by Intel, then sold a few weeks ago to Marvell for $600M)

So, we can assume that sooner of longer we will have only one chip manufacturer for all IT needs. This will ease the job of developpers, that is sure. But the question left is about who cares, finally ? The decision of Apple to switch from PowerPC to Intel demonstrated that low-level programming is no longer something that has to be carried/learned/taught to developers. Most applications were made using high-level languages, thus helping the port from a processor family to another since *theorically* high-level languages are supposed to be processor independant. That is a good point for those developpers (the vast majority of the whole developper community, in fact) since they only have to focus on their high-level objectives and don’t have to bother with driver issues and strange things as software/hardware interruptions, and so on.

For a small minority of developers that want to dig further into the system, for example in order to develop drivers, to optimize the programs, to write an alternative operating system or simply to debug their own program and check security issues, matters are going worse. The assumption that “today nobody uses low-level languages” is preventing those people to achieve their work correctly. Fifteen years ago there were plenty of debuggers/assemblers/tools that were useful to *understand* what was going on under the hood of the computer. Now, it seems this is more and more difficult to do find such software, and even if it’s possible to get them, it is becoming illegal to use them.

So, let’s draw a summary of the situation :

• Most good low-level software companies have discontinued their products because they argue that the future of developers is now to use exclusively high-level programming, or for some obscure reasons,

• There are very aggressive laws that forbid the use or even detention of such software and tools (DMCA in the USA, law 323-3-1 of the Penal Code in France, and so on…) mostly because they could be used to commit crimes (but cars are not bannished, and too can be used for such same purposes…).

• The leaders of the software industry are now (or in the near future) controlling the use of those programs since they are the only ones able to provide low-level tools, and strongly recommands developpers to use their high-level languages. Hardware integrity checking and DRM are starting to be used to check software’s integrity and signature. It is a good point to prevent piracy and malwares, but a really bad point if those signatures can not be created by others than leaders of the software industry, in exchange of a fee. Already now, many hardware manufactuers companies (even big ones) that fail to pay the price to get “signed” device drivers (is it a sort of tax to software companies ?) have to stand annoying screens for the users when they install the software.

• The few last companies that sells those low-level programs are very concerned about all of this and need support from their users since they are constantly being under pressure.

• There are fortunately nice developpers that release good tools, but they too fear those recent laws…

On the other hand, I may be too pessimistic since there are good Low-level programming/reversing conferences such as ReCon, and more and more people interested/involved in such topics. Embedded computing is a really big market and offers many brilliant expectations and opportunities.

The problem is that the end/final user doesn’t know anything about this… and seems very far to be concerned by it. Some even don’t understand anything about this :

I was really angry last week when I discovered on a major french newspaper an article about free software. Its author obviously do not understand its stakes and *even* what is free software. Its personal webpage tells the same. If you read french, please read those articles, and the user’s commentaries left, “it’s worth its weight in peanuts” (word to word translation for “ça vaut son pesant de cacahuettes”, meaning it’s obviously worth reading to figure out what’s wrong…)

RESUME : Mon coup d’humeur sur le constat que les outils de programmation et de déboguage bas-niveau sont en train de disparaître petit à petit, que de toute façon nous n’aurons un jour ou l’autre plus le droit de nous en servir non plus, et que cela n’aide pas l’utilisateur final qui n’y comprend rien (et qui n’a d’ailleurs pas à savoir tout cela).

Mon coup de gueule à propos d’un article sur le logiciel libre dans le journal Libération, d’un auteur qui manifestement ne comprend pas grand chose aux enjeux (ou bien il s’est fait payer par certaines sociétés ?). A lire donc, ainsi que les commentaires des internautes, et ainsi que son site perso… On n’est pas sortis de l’auberge, avec des énormités pareilles…