Forgot your password?
typodupeerror
Microsoft Software Windows Technology

Nokia Engineer Shows How To Pirate Windows 8 Metro Apps, Bypass In-app Purchases 268

Posted by Soulskill
from the internet-never-forgets dept.
MrSeb writes "The principal engineer for Nokia's WP7 and WP8 devices, Justin Angel, has demonstrated, in rather frank detail, how to pirate Windows 8 Metro apps, how to bypass in-app purchases, and how to remove in-game ads. These hacks aren't exactly easy, but more worryingly they're not exactly hard either. Angel shows that turning a trial version of a Metro app into the full version — i.e. pirating an app — is scarily simple. It's just a matter of downloading an open-source app and changing an XML attribute from 'Trial' to 'Full.' Likewise, a quick change to a XAML file can remove an app's ads. Bypassing in-app purchases is a little trickier, involving some reverse engineering of some DLLs and and decryption of database files, but Angel still makes it look fairly easy. Angel gives himself one million credits in Soulcraft, an RPG game — something that would cost you over a thousand dollars, if you performed a legitimate in-app purchase. Angel also demonstrates a way to bypass in-app purchases in WinJS (Metro/JavaScript) apps, by injecting scripts into IE10 (the rendering engine for WinJS apps). It's easy to blame Microsoft for this, but isn't this really an issue that is intrinsic to all installed applications? The fact is, Windows 8 Metro apps are stored on your hard drive — and this means that you have access to the code and data. Hex editors, save game editors, bypassing Adobe's 30-day trials by replacing DLL files, pirating Windows 8 apps — these are all just different incarnations of the same attack vectors."
This discussion has been archived. No new comments can be posted.

Nokia Engineer Shows How To Pirate Windows 8 Metro Apps, Bypass In-app Purchases

Comments Filter:
  • by Anonymous Coward on Tuesday December 11, 2012 @08:26PM (#42255719)

    But instead they'll be on the phone with Nokia trying to get this guy fired.

  • by BitZtream (692029) on Tuesday December 11, 2012 @08:27PM (#42255733)

    Its nothing that hasn't been done for as long as I've used computers.

    Yes, you can change code and work around everything.

    SecureBoot with a fully trusted chain makes it impossible ... right up until an exploit is found in the chain.

    Cracking isn't new, and this isn't particularly impressive. Not that credit isn't do for pointing it out, the guy is the 'First Post' so to speak, but other than that, its just 'meh, I did this when I was 15' and it was harder then as programmers weren't so lazy to store things in easily editable unsigned XML files since MOST people using computers had a bit of a clue.

  • Bruce (Score:5, Insightful)

    by girlintraining (1395911) on Tuesday December 11, 2012 @08:30PM (#42255759)

    Bruce Schneider just facepalmed. How many times do you people need to be told client side security doesn't work? Of course the Windows 8 store got hacked: No matter how much you try to lock it down, all you're doing is just giving some bored teenagers and underemployed/unemployed programmers something to challenge them. The Playstation 3 had some very advanced client-side security. It still got broken. It took them awhile, but it fell, as all client side security must. If you have physical access to the hardware, you own it. It may take a mod chip, it may take a special program, or technical knowledge, but the problem is one that although the skillset required to hack it may be highly specialized, once that single success happens, everybody reaps the benefits within hours to months. And there are far more bored engineers than there are DRM proponents. All client-side DRM has ever accomplished is frustrating and annoying paying customers.

    This isn't news. This isn't even interesting. Hell, let's be honest here -- how many of you work at a company that has plans to migrate to Windows 8? Support it for people who have it at home? How many of you are planning on making it your primary operating system?

    I see very few hands. This operating system exploded on the launch pad. It's an attempt to emulate Apple, and they botched it so hard that senior Microsoft executives will be getting handed pink slips by the end of next year -- I'd wager serious money on that. Microsoft lost its ability to innovate awhile ago... now it just follows where the market goes, maintaining a profit margin but never pushing the margins of the technology. The reasons for this are many and beyond the scope of this post...

    But don't act surprised when someone cracks a client-side security scheme. No implimentation of it has denied a determined attacker with the resources of a private individual or (at worst) a small company to date. It has a fundamental design flaw that cannot be corrected.

  • by WiiVault (1039946) on Tuesday December 11, 2012 @08:33PM (#42255785)
    I really hope Nokia realized that when they sold their soul to MS they don't get to say what they want anymore. They are tied to a much stronger company, who literally controls their only chance at having any relevance in smartphones. When they had options, and in-house OS production they might have been able to say what they wanted, and risk souring one of many relationships. Now it's all the eggs in one place, with a company not known for treating even perfect partners with an ounce of respect.
  • by WiiVault (1039946) on Tuesday December 11, 2012 @08:36PM (#42255805)
    To be fair, I don't believe there is a jailbreak for iOS6 or any of the new iDevices. So I imagine that number must have gone down. Of course the general gist of what you say is accurate. If WP8 gains any relevance at all I expect them to be in the same boat Apple and Google are in.
  • By design (Score:5, Insightful)

    by future assassin (639396) on Tuesday December 11, 2012 @08:40PM (#42255843) Homepage

    how else would they increase their user base.

  • Re:Bruce (Score:4, Insightful)

    by PhrostyMcByte (589271) <phrosty@gmail.com> on Tuesday December 11, 2012 @08:44PM (#42255869) Homepage

    How many times do you people need to be told client side security doesn't work?

    Client-side security is like a lock on your front door. It's there to keep people honest, not to keep people out. Clearly it was not targeting people like Mr. Angel.

  • by davydagger (2566757) on Tuesday December 11, 2012 @08:46PM (#42255889)
    if he loved his company, he would hate microsoft.
  • by andydread (758754) on Tuesday December 11, 2012 @08:50PM (#42255921)
    wow 7:21PM. Heres a clue when trolling slashdot wait a few minutes before posting.
  • Re:Bruce (Score:2, Insightful)

    by LordLucless (582312) on Tuesday December 11, 2012 @08:59PM (#42255977)

    No, client-side security is like someone else putting a lock on your front door. It's there to extort a profit out of you, not provide you with any benefit. People are clearly justified in ripping the damn thing off their property, and people like Mr. Angel should be praised for showing them how.

  • Re:Attack vector? (Score:5, Insightful)

    by Arker (91948) on Tuesday December 11, 2012 @09:07PM (#42256029) Homepage
    No, my ability to alter bits on my hardware is not an 'attack' it's proper functioning of a general purpose computer. If people have invested in business models predicated on my inability to modify the bits on my hardware, that is their problem, but it's not an 'attack' it's simply their own short-sightedness and stupidity.
  • Re:Attack vector? (Score:5, Insightful)

    by viperidaenz (2515578) on Tuesday December 11, 2012 @09:19PM (#42256101)
    Hence the movement of DRM to must-be-connected-to-internet-at-all-times-to-play
  • by Khyber (864651) <techkitsune@gmail.com> on Tuesday December 11, 2012 @09:24PM (#42256135) Homepage Journal

    Another victim of our failing educational system...

  • by Anonymous Coward on Wednesday December 12, 2012 @12:10AM (#42257095)

    It's not our fault they gave us the full version and just called it a trial. If you just want to offer a trial, don't give us the entire app maybe?
    It sure as hell isn't theft if it's being offered thru the app store. I can't be arsed to run ALL of your code, just the parts I want will run.
    This is equivalent to a car dealer offering test drives by shipping cars to everyone's house with the keys and just relying on everyone to ship them back when they have finished their "trial."

  • by Anonymous Coward on Wednesday December 12, 2012 @12:29AM (#42257161)

    Actually, they didn't chose to charge for it. They give the full app with a "trial" badge on it. It's their fault 100% that they gave the whole app for free.

  • Re:Bruce (Score:5, Insightful)

    by lister king of smeg (2481612) on Wednesday December 12, 2012 @01:38AM (#42257457)

    it wasn't cracked for five years because it was wide open for the first few until sony decided that they needed to be a douche and screw look people out of using a feature that they had paid for.

  • by LordLimecat (1103839) on Wednesday December 12, 2012 @02:35AM (#42257703)

    If you just want to offer a trial, don't give us the entire app maybe?

    So costs go up for everyone, just because some people have an entitlement complex. Way to refute parent.

  • by SmallFurryCreature (593017) on Wednesday December 12, 2012 @04:56AM (#42258315) Journal

    A lot of people have had issues with MS going the walled garden route but the true reason to fear it a bit more complex.

    Up until quite recent, MS didn't really care about piracy of its own products and not at all about piracy of 3rd party products. After all, illegal copies helped MS software spread to the home, so people got used to it and demanded it in the office where they didn't need retraining. Then MS just made its money from office installs and everyone was happy. It worked VERY well for MS.

    MS cared even less for what happened to 3rd party applications, after all, the more usable a Dos/Windows install was, the more it would become the dominant force. Adobe itself also doesn't really care about amateurs/students using illegal copies of Photoshop, just as long as you become a paying customer once you make money with it, they do fine.

    But with a payed walled garden, MS has a stake in 3rd party sales. Piracy hurts its bottom line. The only way to stop this is Trusted Computing. Before the payed walled garden, MS had no real need of its own for Trusted Computing. Now it does. So it will push for it even harder.

    It is the same reason why MS going into hardware is a bad thing. Before, MS had no reason to fear people installing Linux on a Dell. But installing Linux on a subsidized MS piece of hardware? NO!

    Consider this, a pure data ISP doesn't care what goes over its lines, hence why Skype on the PC was never an issue. But a ISP that sells other services, like voice calls for a fee, DOES care. See the ban on Skype by many mobile providers.

    And a ISP that sells music/movies has itself an interest in stopping people from getting them elsewhere.

    Sony is a prime example of how such conflicting interests can even hurt the company itself, Sony crippled the otherwise quite decent Mini-disc because it feared piracy more then lost hardware sales.

    My worry about Windows 8 app store isn't in how it performs but in that it is turning what was a remarkably open system into a closed one. With no benefit to me.

  • by Bert64 (520050) <bert@sl[ ]dot.fi ... m ['ash' in gap]> on Wednesday December 12, 2012 @05:23AM (#42258427) Homepage

    If you're capable of reverse engineering the program itself, then you are also capable of reverse engineering the program that decrypts it so you can extract the keys anyway. Encryption would never be more than a minor nuisance for someone wanting to reverse engineer programs.

"Call immediately. Time is running out. We both need to do something monstrous before we die." -- Message from Ralph Steadman to Hunter Thompson

Working...