Should I be posting this anonymously?
May 17, 2005 9:17 AM Subscribe
Does my reverse engineering a protocol for a poker website constitute a violation of the DMCA (or any other statute?)
So I play a little online poker, and as a programmer, I write stuff related to it. I wrote, in particular, something that takes hand positions and makes analyses of them, things like, what are the odds of improving your hand in the next draw, how many possible hands out there beat yours, etc. Since this is no good if you constantly have to be entering data into it, I fooled around with figuring out how to get the data directly from the poker client while you're playing.
Turns out this is pretty easy. Anyway, in the course of doing so, I *thought* I had discovered a huge security hole in the protocol. Turns out that I was wrong.
But. What if I was right? Is what I did illegal? (reverse-engineering the protocol of a website's poker client). There is not really a moral dilemma here for me. If I was correct, I was planning on notifying the poker website -- but not if doing so would get me in trouble.
Clarifying remark: the client uses openssl encryption. To get around this I modified my version of the ssl library, in a manner that is compatible with the terms of the openssl license. Once the encryption is removed there is no further obfuscation or encryption of the data stream.
Further clarifying remark: all the data sent to "my" client is either public data or intended for me, as far as I can tell, that is, it's either remarks about game play "Player 2 folds" or "2clubs dealt to the river" or it's telling me private things about myself, like the cards that are dealt to me. For a short time I thought you could get info about other players from the protocol, but you can't.