Blue's News

Jim Dosť's March 12, 1997 .plan

Despite the fact that I have to be up in 6 hours, I'm going to take some time to write about something that I am concerned about--QC decompilers.

If you have had some experience programming, you probably know that when a program is compiled, information about it is stored in the executable in order to facilitate debugging the program. Anyone who has programmed a bit knows that having the debugging info about a program is the next best thing to having the source code. Put a program with debugging info in it through a disassembler and you will see an assembly language listing of the program with convenient variable and function names. When a program is compiled for the public, the programmer will generally make sure that this information is stripped from the executable--the end user won't need it, and it gives away vital information about how the program works.

When John Carmack created Quake C, he made sure that information such as variable names and file names were kept intact in order to help locate bugs. Without this information, bugs would be very hard to find.

Right now you're thinking "Aha! He's about to say that you can find out how the QC program works by putting it through a QC disassembler." Yes, but even more interesting than that is that you can get the entire SOURCE CODE for the QC program!

How is this possible? Well, it has to do with the fact that the QC compiler doesn't actually compile the program into machine code, it tokenizes it. What this means is that it converts it into a simpler form that Quake can interperate quickly, but it is still the same code. If a person knows what the code means, they can turn it back into its original form.

Now I finally get to the point. Several programs have emerged on the Internet that allow you to take the compiled QC data from Quake and turn it back into source code. This isn't a particularly recent event. In fact, I think the first one appeared soon after the release of QTest.

Now, this isn't a big deal in itself since Id released the QC files already, but there have been a lot of people (including us at Hipnotic) who have taken Id's code and enhanced it with their own features. A lot of very simple (although, very interesting) things have been made, but some have been exceptional, worthy of being sold as their own product, in fact.

Now, you may be thinking that I'm pointing to our product, Quake Mission pack #1:Scourge of Armagon (obvious plug), but I'm not. At some point in the future we are probably going to release the QC files to the public, so I'm not particularly concerned if people find out how we did things in it. (Note: We actually did release the code the other day. At the time I wrote this, I didn't know Mark had also posted the QC files. Anyone interested can check www.hipnotic.com for the source code to the mission pack).

The thing I am concerned with here is those exceptional add-ons that people have made. Several of these required a lot of thought, time, and hard work in order to produce. These decompilers give anyone the ability to view the source code without the author's permission.

Maybe you're thinking "Well, so what? The Quake community is built upon sharing. Id shared their secrets with us. If people didn't share their work, there wouldn't be any new Quake maps and add-ons for people to play." This is a very valid point, but we must remember that there are people out there who are willing and able to exploit this generosity.

We've already seen several companies who consider it a matter of policy to take people's maps from the Internet, remove any reference to the author, and then sell them in stores for their own profit. These very same people (and a few more) would have no problem taking the source code to CTF or the Reaper Bots and make their own game with them. This is not right.

So what can be done? Well, taking the decompilers off the net won't help (once it's put out, it's always out there somewhere) and isn't the answer since they can also benefit the Quake community.

One suggestion I have is for some enterprising person to develop a program to remove (or scramble) the information that makes it possible to decompile the code, but still allows Quake to run the game. Authors who didn't wish for their secrets to be at risk could run this program to protect their work. I'm not sure that this is even possible or if it would be an effective security measure.

How does everyone out there feel about this? Is this an issue? Is it worth worrying about? What do you think can be done to prevent the misuse of people's hard work? If anyone has any suggestions, please (gulp!) e-mail them to me.

Thanks for your time.