
Nokia Engineer Shows How To Pirate Windows 8 Metro Apps, Bypass In-app Purchases

Posted by Soulskill
from the internet-never-forgets dept.
MrSeb writes "The principal engineer for Nokia's WP7 and WP8 devices, Justin Angel, has demonstrated, in rather frank detail, how to pirate Windows 8 Metro apps, how to bypass in-app purchases, and how to remove in-game ads. These hacks aren't exactly easy, but more worryingly they're not exactly hard either. Angel shows that turning a trial version of a Metro app into the full version — i.e. pirating an app — is scarily simple. It's just a matter of downloading an open-source app and changing an XML attribute from 'Trial' to 'Full.' Likewise, a quick change to a XAML file can remove an app's ads. Bypassing in-app purchases is a little trickier, involving some reverse engineering of some DLLs and decryption of database files, but Angel still makes it look fairly easy. Angel gives himself one million credits in Soulcraft, an RPG game — something that would cost you over a thousand dollars, if you performed a legitimate in-app purchase. Angel also demonstrates a way to bypass in-app purchases in WinJS (Metro/JavaScript) apps, by injecting scripts into IE10 (the rendering engine for WinJS apps). It's easy to blame Microsoft for this, but isn't this really an issue that is intrinsic to all installed applications? The fact is, Windows 8 Metro apps are stored on your hard drive — and this means that you have access to the code and data. Hex editors, save game editors, bypassing Adobe's 30-day trials by replacing DLL files, pirating Windows 8 apps — these are all just different incarnations of the same attack vectors."
  • Attack vector? (Score:5, Interesting)

    by XanC (644172) on Tuesday December 11, 2012 @08:23PM (#42255703)

    There's no attack here. Somebody's modifying software on his own machine for his own use.

    • Re:Attack vector? (Score:4, Informative)

      by Sponge Bath (413667) on Tuesday December 11, 2012 @08:38PM (#42255823)
      They are attacking the profits of Metro app developers. All of them :-P
    • by geekoid (135745)

      It's an attack vector. Modifying code to operate outside its intended design is an attack. Whether that's bypassing a wheel code for Might and Magic II, or changing the trial version of Windows 8 to a full version. They are forms of attack.
      And with App games, you could be impacting people other than yourself.

    • by westlake (615356) on Tuesday December 11, 2012 @09:51PM (#42256299)

      There's no attack here. Somebody's modifying software on his own machine for his own use

      Without paying for it.

      Some would call it a hack, others simply theft.

      The geek earns his bad press. That is how he loses control over the meaning of words like hack and hacking.

    • by wvmarle (1070040)

      It sounds awfully like DRM. After all, the app is trying to put certain restrictions on you (the R in DRM), and you circumvent them. That's all.

      The trial/full issue: that can be done because they are essentially the same version. To go from trial version to full version, only a configuration key needs to be changed, and you're good. The real solution to this issue is for the developer to have two versions - and upon upgrade to the full version, a different piece of software is installed. That's also what I

  • Nokia is more or less owned by Microsoft so...

  • Bruce (Score:5, Insightful)

    by girlintraining (1395911) on Tuesday December 11, 2012 @08:30PM (#42255759)

    Bruce Schneider just facepalmed. How many times do you people need to be told client side security doesn't work? Of course the Windows 8 store got hacked: No matter how much you try to lock it down, all you're doing is just giving some bored teenagers and underemployed/unemployed programmers something to challenge them. The Playstation 3 had some very advanced client-side security. It still got broken. It took them awhile, but it fell, as all client side security must. If you have physical access to the hardware, you own it. It may take a mod chip, it may take a special program, or technical knowledge, but the problem is one that although the skillset required to hack it may be highly specialized, once that single success happens, everybody reaps the benefits within hours to months. And there are far more bored engineers than there are DRM proponents. All client-side DRM has ever accomplished is frustrating and annoying paying customers.

    This isn't news. This isn't even interesting. Hell, let's be honest here -- how many of you work at a company that has plans to migrate to Windows 8? Support it for people who have it at home? How many of you are planning on making it your primary operating system?

    I see very few hands. This operating system exploded on the launch pad. It's an attempt to emulate Apple, and they botched it so hard that senior Microsoft executives will be getting handed pink slips by the end of next year -- I'd wager serious money on that. Microsoft lost its ability to innovate awhile ago... now it just follows where the market goes, maintaining a profit margin but never pushing the margins of the technology. The reasons for this are many and beyond the scope of this post...

    But don't act surprised when someone cracks a client-side security scheme. No implementation of it has denied a determined attacker with the resources of a private individual or (at worst) a small company to date. It has a fundamental design flaw that cannot be corrected.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      Bruce Schneider just facepalmed.

      Why should anyone care what the brother of Rob Schneider thinks?

      Or did you perhaps mean Bruce Schneier?

    • Re:Bruce (Score:4, Insightful)

      by PhrostyMcByte (589271) <phrosty@gmail.com> on Tuesday December 11, 2012 @08:44PM (#42255869) Homepage

      How many times do you people need to be told client side security doesn't work?

      Client-side security is like a lock on your front door. It's there to keep people honest, not to keep people out. Clearly it was not targeting people like Mr. Angel.

      • Re: (Score:2, Insightful)

        by LordLucless (582312)

        No, client-side security is like someone else putting a lock on your front door. It's there to extort a profit out of you, not provide you with any benefit. People are clearly justified in ripping the damn thing off their property, and people like Mr. Angel should be praised for showing them how.

      • Re: (Score:3, Interesting)

        by Arker (91948)
        As another poster already aptly pointed out, it's more like a lock inside your house to prevent you from accessing some of the rooms without paying an additional 'unlocking fee.' Anyone who tries that kind of scam shouldn't be surprised if the homeowner avails himself of a less expensive method of unlocking.
        • That used to be quite common. IBM practiced it when they'd sell nobbled DASD (disk, to you young whippersnappers) that could be upgraded for a healthy fee and a tech to remove a pin from the device.

          • by dissy (172727)

            Many of IBM's mainframe systems work in a similar way.
            It gets delivered and installed at your location loaded with resources, as well as a modem and phone line to contact IBM.

            If you purchase a certain number of CPUs, RAM, and storage, the actual hardware has much more in it only disabled.

            When the system detects a hardware failure, it can disable the failed device and use a spare. Saves a trip for a tech most times.
            When you call up IBM to upgrade your hardware, they can change some settings and woot you are

        • It isn't SO preposterous. Usually 10% effort takes 90% of the time (see http://en.wikipedia.org/wiki/Pareto_principle [wikipedia.org]). Rather than charging every one a gross fee for the software in general, the ones who choose to use these features pay for a majority of the development time.
    • by dbIII (701233)

      This isn't news. This isn't even interesting. Hell, let's be honest here -- how many of you work at a company that has plans to migrate to Windows 8? Support it for people who have it at home? How many of you are planning on making it your primary operating system?

      I have to admit at this point that I've never even seen it. However, the only bit of software that I support that runs in a Microsoft environment couldn't even run in Win7 until around this time last year. While I purchased Win7 to use at home I

    • by westlake (615356)

      The Playstation 3 had some very advanced client-side security. It still got broken. It took them awhile, but it fell, as all client side security must.

      It took about five years.

      It happens at the risk of civil and criminal prosecution. Digital Millennium Copyright Act [wikipedia.org]

      I'll take "server side" as implying at least three components that are going to limit the geek's options dramatically: the always-on internet connection, the app-store and hardware that is much less physically accessible.

  • by WiiVault (1039946) on Tuesday December 11, 2012 @08:33PM (#42255785)
    I really hope Nokia realized that when they sold their soul to MS they don't get to say what they want anymore. They are tied to a much stronger company, who literally controls their only chance at having any relevance in smartphones. When they had options, and in-house OS production they might have been able to say what they wanted, and risk souring one of many relationships. Now it's all the eggs in one place, with a company not known for treating even perfect partners with an ounce of respect.
  • by fufufang (2603203) on Tuesday December 11, 2012 @08:34PM (#42255797)

    I wonder if this guy hates his job/Nokia/Microsoft. I mean, if he loves his company, he should have contacted Microsoft and gotten it fixed, then perhaps gotten some street cred by publishing some news report.

    I am not sure if this kind of activity would sour the relationship between Microsoft and Nokia. Perhaps that's actually his goal.

    • I wonder if this guy hates his job/Nokia/Microsoft. I mean, if he loves his company, he should have contacted Microsoft and gotten it fixed, then perhaps gotten some street cred by publishing some news report.

      I am not sure if this kind of activity would sour the relationship between Microsoft and Nokia. Perhaps that's actually his goal.

      Maybe he did contact Microsoft and they ignored him. Maybe he felt whistle-blowing was the only way to get this fixed.

    • Re: (Score:3, Insightful)

      by davydagger (2566757)
      if he loved his company, he would hate microsoft.
    • by dbIII (701233)
      His job is probably doomed anyway and the relationship turned pretty sour when MS orphaned Nokia's Win7 phones.
    • by cbhacking (979169)

      Why do you think this even *can* be fixed? Windows 8 and Windows RT come with full Admin access. They're rooted by design; there's nowhere you can hide a DRM setting (and that's all this is) that it can't be found and changed. Worst case, you can always just attach a debugger to the application (locally on Win8, using the remote debugger tools on Windows RT) and go to town.

      While I'm a little surprised that an employee of a MS partner such as Nokia would publish something like this, there's really nothing MS

      • Why do you think this even *can* be fixed? Windows 8 and Windows RT come with full Admin access. They're rooted by design

        It's not quite full access. Try disabling code signature check (to run arbitrary desktop apps, not just those signed with MS key) to see what I mean.

        Sooner or later, that's going to be circumvented, too - some folk over on XDA are working on it [xda-developers.com] - but, so far, they haven't cracked it.

  • By design (Score:5, Insightful)

    by future assassin (639396) on Tuesday December 11, 2012 @08:40PM (#42255843) Homepage

    how else would they increase their user base.

  • isn't this really an issue that is intrinsic to all installed applications?

    Yes, even assembly can still be considered source code. That's why a lot of software is moving to a client-server architecture, especially commonly-pirated items like games.

    • by Arker (91948)

      Yes, even assembly can still be considered source code

      Nominating this for unintentional face-desk post of the day. Of course assembler isn't just 'considered' source code it is source code, or rather a language in which source code is written. Not sure what they are teaching (or smoking) in school these days but that made no sense at all. It's like saying 'the sky can still be considered blue.' Only sometimes the sky isn't blue, so even that analogy was too weak.

    • Of course assembly is source code. I take it you meant the binaries instead.
      The terminology doesn't help much though since a "disassembler" actually produces readable assembly from the binaries :)
  • by Brad1138 (590148) <brad1138@yahoo.com> on Tuesday December 11, 2012 @08:50PM (#42255917)
    Roll Windows 8 back to Windows 7?
  • This is not a failing of the ecosystem, but of the propensity of app developers to trust client side data. The client is a dirty evil little thing, and under no circumstances would it be a good idea to grant it access to precious server side resources (such as in game purchases) without validating the request against private data (e.g. an auth token).
  • what about porting app store apps to 7?

  • In most third world countries you can buy a 1 TB hard disk filled with cracked versions of all kinds of software. Price is cheaper for the Bring Your Own Harddisk deals. Everything from Maya, Adobe Illustrator, video editors all the way to strange things like Serenade 7.0 circuit simulator from Compact Software or Star-CCM++ mesher, whatever the hell that is. CAD/CAM tools blah blah blah... everything. So not surprised by the fact someone cracked it. What surprised me was that it is as simple as reading t
    • by Bengie (1121981)
      Embrace: 3rd world countries supply HDs full of pirated software
      Extend: Make easy to pirate over a digital distribution platform
      Extinguish: No more demand for re-sellers of pirated HDs
  • Attention Slashdot,

    On behalf of the DoJ (*) and the FBI (**), I must inform you that your link to instructions on changing an XML file is in violation of any number of laws, judicial opinions, and fantasies of various American politicians. Cease! Desist! Guantanamo remains open.

    (*) Dumb oily jerks
    (**) Folks bu****it inspired (***)
    (***) Yeah, you can do better.

  • I'm not worried. Why would I want ads in my applications? These web 2.0 idiots need to stop trying to take control of my computer away from me.

  • by MacGyver2210 (1053110) on Tuesday December 11, 2012 @10:13PM (#42256437)

    I prefer to use the term "Freedom Vectors" rather than "Attack Vectors". It's more honest to what you're actually doing.

  • by bmo (77928) on Wednesday December 12, 2012 @12:52AM (#42257259)

    ...Win8 apps, is that you still wind up with Windows 8 apps.

    I have to speculate on the motivation behind this how-to guide. Microsoft has known for a long time that piracy fuels market share. Bill Gates said publicly so in 1998, and every time Ballmer hops up and down about turning the copyright protection knob to 11, saner minds prevail and he shuts up.

    This hasn't been released without behind-the-scenes official blessing and encouragement from Microsoft.

    --
    BMO

  • ...but I couldn't find a single Metro-app or game worth the effort!

  • by bickerdyke (670000) on Wednesday December 12, 2012 @04:52AM (#42258295)

    Publishing this seems like a pretty pathetic move to boost Win8 Sales

    "Look! You now even can get Apps for free for Win8"

  • by mwvdlee (775178) on Wednesday December 12, 2012 @04:53AM (#42258301) Homepage

    Remember MS-DOS? It was this upstart operating system which came basically without copy protection for either itself or the software that ran on it; it became quite popular.
    Now we have Win8/RT/whatever, which is an upstart operating system in the mobile world which comes basically without copy protection for itself or the software that runs on it...

  • by DrXym (126579) on Wednesday December 12, 2012 @05:20AM (#42258415)
    Windows 8 doesn't come with a Mahjong game any more, instead it's on the app store but it's still made and supported by Microsoft. I couldn't care less about that. What I do care about is the thing has these unskippable fucking ads that appear at random between levels, and are always promoting some other game called Tap Tiles. It's highly annoying behaviour, made worse because along with it Mahjong has turned into a buggy mess which randomly crashes and wipes out all its local data making stuff like the daily challenges a waste of time.
  • by jra (5600) on Wednesday December 12, 2012 @12:56PM (#42261999)

    > It's easy to blame Microsoft for this, but isn't this really an issue that is intrinsic to all installed applications?

    No one read John Carmack's "don't let the client control anything" screed several years back, about how gaming systems cannot let the client code *know* or *control* things, because then it could be replaced with something that would cheat on the user's behalf, by looking around corners for bad guys and such?

    This is the same exact thing, as far as I can see...

    http://www.catb.org/esr/writings/quake-cheats.html [catb.org]
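
Two comments above make the same design point: do not trust client-side data for in-app purchases, and do not let the client control game state. The sketch below is an added example, not code from the thread, from Justin Angel, or from any store SDK; it keeps balances on the server and credits them only from a receipt the client cannot forge. Assumptions: the `Ledger` class, the receipt fields and the shared-key HMAC are all hypothetical stand-ins (a real store would issue asymmetrically signed receipts).

```python
import hashlib
import hmac
import json

# Constructed demo key. Assumption: only the store and the game server
# hold it; it never ships inside the client package.
STORE_KEY = b"demo-key-held-only-by-store-and-server"


def sign_receipt(receipt: dict, key: bytes = STORE_KEY) -> str:
    """Store side: MAC over a canonical encoding of the receipt."""
    body = json.dumps(receipt, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class Ledger:
    """Server-side balances. The client never reports its own balance."""

    def __init__(self, key: bytes = STORE_KEY):
        self._key = key
        self._balances = {}
        self._redeemed = set()  # receipt ids that were already credited

    def balance(self, user: str) -> int:
        return self._balances.get(user, 0)

    def redeem(self, user: str, receipt: dict, tag: str) -> bool:
        """Credit a purchase only if the receipt verifies and is unused."""
        expected = sign_receipt(receipt, self._key)
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return False  # forged or edited receipt
        if receipt.get("user") != user:
            return False  # receipt was issued to a different account
        if receipt.get("id") in self._redeemed:
            return False  # replay of a receipt that was already credited
        credits = receipt.get("credits")
        if not isinstance(credits, int) or credits <= 0:
            return False
        self._redeemed.add(receipt["id"])
        self._balances[user] = self.balance(user) + credits
        return True

    def spend(self, user: str, amount: int) -> bool:
        """Spending is checked against the server's number, not the client's."""
        if amount <= 0 or amount > self.balance(user):
            return False
        self._balances[user] -= amount
        return True
```

Editing a locally stored credit count changes nothing here, because `spend` never reads a value supplied by the client.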
