Nokia Engineer Shows How To Pirate Windows 8 Metro Apps, Bypass In-app Purchases

Soulskill posted about a year ago | from the internet-never-forgets dept.

Microsoft 268

MrSeb writes "The principal engineer for Nokia's WP7 and WP8 devices, Justin Angel, has demonstrated, in rather frank detail, how to pirate Windows 8 Metro apps, how to bypass in-app purchases, and how to remove in-game ads. These hacks aren't exactly easy, but more worryingly they're not exactly hard either. Angel shows that turning a trial version of a Metro app into the full version — i.e. pirating an app — is scarily simple. It's just a matter of downloading an open-source app and changing an XML attribute from 'Trial' to 'Full.' Likewise, a quick change to a XAML file can remove an app's ads. Bypassing in-app purchases is a little trickier, involving some reverse engineering of some DLLs and decryption of database files, but Angel still makes it look fairly easy. Angel gives himself one million credits in Soulcraft, an RPG game — something that would cost you over a thousand dollars, if you performed a legitimate in-app purchase. Angel also demonstrates a way to bypass in-app purchases in WinJS (Metro/JavaScript) apps, by injecting scripts into IE10 (the rendering engine for WinJS apps). It's easy to blame Microsoft for this, but isn't this really an issue that is intrinsic to all installed applications? The fact is, Windows 8 Metro apps are stored on your hard drive — and this means that you have access to the code and data. Hex editors, save game editors, bypassing Adobe's 30-day trials by replacing DLL files, pirating Windows 8 apps — these are all just different incarnations of the same attack vectors."

268 comments

I detect spin... (1, Interesting)

Press2ToContinue (2424598) | about a year ago | (#42255679)

Apple and Android platforms also suffer from hacking - their piracy rates are at 60% by some:
http://www.theverge.com/2012/8/7/3225154/dead-trigger-dev-interview-piracy-android-ios [theverge.com]
This does not make Windows 8 any worse than the competition. In fact, it looks somewhat better from this article because the hacks are lengthier, at least for the present.

Re:I detect spin... (5, Funny)

Anonymous Coward | about a year ago | (#42255725)

SPIN? Of course you can do these on other platforms! Article is clearly an M$ shill.

Re:I detect spin... (0)

Anonymous Coward | about a year ago | (#42256103)

Missed the sarcasm, mods? Mod this one down too for fun.

Re:I detect spin... (5, Insightful)

BitZtream (692029) | about a year ago | (#42255733)

It's nothing that hasn't been done for as long as I've used computers.

Yes, you can change code and work around everything.

SecureBoot with a fully trusted chain makes it impossible ... right up until an exploit is found in the chain.

Cracking isn't new, and this isn't particularly impressive. Not that credit isn't due for pointing it out, the guy is the 'First Post' so to speak, but other than that, it's just 'meh, I did this when I was 15' and it was harder then as programmers weren't so lazy to store things in easily editable unsigned XML files since MOST people using computers had a bit of a clue.

Re:I detect spin... (5, Funny)

fustakrakich (1673220) | about a year ago | (#42255779)

I did this when I was 15'...

Damn! How tall are you now?

Re:I detect spin... (0)

Anonymous Coward | about a year ago | (#42255833)

That's a closing single quote, rather than the symbol for foot. See the opening quote before "meh."

Re:I detect spin... (1, Insightful)

Khyber (864651) | about a year ago | (#42256135)

Another victim of our failing educational system...

Re:I detect spin... (2, Informative)

mjwx (966435) | about a year ago | (#42256195)

Another victim of our failing educational system...

The fact the measurement is still in Imperial units in 2012 indicates it failed a long, long time ago.

Re:I detect spin... (0)

John Hasler (414242) | about a year ago | (#42256255)

What country still uses the Imperial system? Hint: the USA never used it.

Re:I detect spin... (1)

thebigmacd (545973) | about a year ago | (#42256277)

Canada. We advertise fuel economy in both L/100km and mpg (Imperial)

Re:I detect spin... (2)

MikeBabcock (65886) | about a year ago | (#42256329)

Only because the MPG rating allows comparisons with US ratings often published in Canada as well.

Meanwhile, the USA has officially been metric for years but posts speeds in mph.

Re:I detect spin... (2)

thebigmacd (545973) | about a year ago | (#42256515)

We use *Imperial* gallons in our fuel efficiency ratings. The numbers cannot be compared directly to US gallons, as there are ~4.5 liters per Imperial gallon, and 3.785 liters per US gallon.

Re:I detect spin... (0)

Anonymous Coward | about a year ago | (#42256539)

What part of "Imperial system" don't you understand? HINT: the USA never used it, in case you didn't read the original question.

Re:I detect spin... (0)

Anonymous Coward | about a year ago | (#42256599)

Speeds are mph in the UK too.

Re:I detect spin... (2)

Jane Q. Public (1010737) | about a year ago | (#42256635)

"Meanwhile, the USA has officially been metric for years but posts speeds in mph."

You didn't say Imperial was metric, but you kind of implied it, intentionally or not. Which might confuse people. So, to clarify:

"Imperial" units have nothing whatever to do with the metric system, just as the old U.S. SAE system also had little to do with the metric system. Imperial units are a third measurement system, separate from both U.S. and metric.

Re:I detect spin... (0)

Anonymous Coward | about a year ago | (#42256291)

Another victim of our failing educational system...

The fact the measurement is still in Imperial units in 2012 indicates it failed a long, long time ago.

I'm curious, why do you think, at this point, any country should switch from the units standard that they're already using?

Re:I detect spin... (1)

LurkerXXX (667952) | about a year ago | (#42256355)

Because it's a world market, and everyone using metric would save a lot of labelling, speed things up by not requiring mental or calculated conversions, prevent expensive and wasteful mistakes (ex. probe slamming into Mars instead of landing on it) from people not realizing the others are using a different system, etc, etc.

You couldn't figure that one out on your own?

Re:I detect spin... (3, Interesting)

History's Coming To (1059484) | about a year ago | (#42256381)

To be honest, I see this as good news. There's no real security threat for the user (assuming any login process is done server side) and means that the software in question is, at least in theory, configurable by the user. The Linux equivalent of this article is "Linux allows you to customise your software with editable config files" - OK, he's having to do it the hard way, but it's a first step, and at least it shows a certain resilience to loss of network connection in principle. This is probably the most positive article on Win8 I've read so far.

Re:I detect spin... (3, Insightful)

WiiVault (1039946) | about a year ago | (#42255805)

To be fair, I don't believe there is a jailbreak for iOS6 or any of the new iDevices. So I imagine that number must have gone down. Of course the general gist of what you say is accurate. If WP8 gains any relevance at all I expect them to be in the same boat Apple and Google are in.

Re:I detect spin... (2, Insightful)

andydread (758754) | about a year ago | (#42255921)

Wow, 7:21PM. Here's a clue: when trolling Slashdot, wait a few minutes before posting.

Re:I detect spin... (0)

Anonymous Coward | about a year ago | (#42256191)

Then they wouldn't get first post for the most eyes in their shilling.

Re:I detect spin... (0)

Anonymous Coward | about a year ago | (#42255951)

Spin? From somebody who blindly adopted the Content Mafia terror-FUD and uses their terms like “pirate”/“piracy”...?

YOU DON'T SAY!

Shit, a couple of years ago you and OP would have been modded -1, Troll, strangled and shot over the Internet, for using that word here!

But it seems that nowadays, Slashdot is ruled by kids who are either too young, too retarded or too brainwashed to get why it is so important. (Hint: You're basically supporting ACTA, and the very organized crime that harms and cripples you on a daily basis, by doing so.) I bet most of the idiots here even use Apple/Win8 devices!

Re:I detect spin... (0)

Press2ToContinue (2424598) | about a year ago | (#42256445)

Bitter, much?

I guess it goes hand-in-hand with being old, so don't worry - we young whippersnappers won't hold you accountable for your dementia-induced poison. We'll just smile and say... "he can't help it." (shrug)

Real Games (0)

Anonymous Coward | about a year ago | (#42256035)

The maker of Real Player, real.com, used to offer a plethora of games for trial and purchase. The problem was when the trial game was opened while the installation folder was also open, a full version with a hidden attribute would appear right next to it. Simply copy the full version to another folder, end the trial and paste the full version back in.

These schemes, DRM, and trusted computing in general suffer from an assumption that consumers are stupid.

Attack vector? (4, Interesting)

XanC (644172) | about a year ago | (#42255703)

There's no attack here. Somebody's modifying software on his own machine for his own use.

Re:Attack vector? (1)

geekoid (135745) | about a year ago | (#42255837)

It's an attack vector. Modifying code to operate outside its intended design is an attack. Whether that's bypassing a wheel code for Might and Magic II, or changing the trial version of Windows 8 to a full version. They are forms of attack.
And with App games, you could be impacting people other than yourself.

Re:Attack vector? (5, Insightful)

Arker (91948) | about a year ago | (#42256029)

No, my ability to alter bits on my hardware is not an 'attack' it's proper functioning of a general purpose computer. If people have invested in business models predicated on my inability to modify the bits on my hardware, that is their problem, but it's not an 'attack' it's simply their own short-sightedness and stupidity.

Who do you think you are kidding? (3, Interesting)

westlake (615356) | about a year ago | (#42256299)

There's no attack here. Somebody's modifying software on his own machine for his own use

Without paying for it.

Some would call it a hack, others simply theft.

The geek earns his bad press. That is how he loses control over the meaning of words like hack and hacking.

Re:Attack vector? (1)

wvmarle (1070040) | about a year ago | (#42256429)

It sounds awfully like DRM. After all, the app is trying to put certain restrictions on you (the R in DRM), and you circumvent them. That's all.

The trial/full issue: that can be done because they are essentially the same version. To go from trial version to full version, only a configuration key needs to be changed, and you're good. The real solution to this issue is for the developer to have two versions - and upon upgrade to the full version, a different piece of software is installed. That's also what I see mostly in the Google Play Store, where the "pro" version is a different app than the "free" version.

The ads: well like above. Don't rely on checking a key, just display those ads in the trial version of your app. Having a simple key that is plain text to boot, that's easy to circumvent. It seems they're not even trying to protect this.

In-app purchases are a tougher nut, and indeed here some serious protection attempt obviously has been done by encrypting stuff.

And this guy's goal is to.....get Fired? (1)

Anonymous Coward | about a year ago | (#42255713)

And this guy's goal is to.....get Fired?

Re:And this guys goal is to.....get Fired? (0)

Anonymous Coward | about a year ago | (#42255765)

I am wondering that too. Well, it should be good for Nokia sales though ...

Microsoft could fix this issue ASAP (1, Insightful)

Anonymous Coward | about a year ago | (#42255719)

But instead they'll be on the phone with Nokia trying to get this guy fired.

Bruce (5, Insightful)

girlintraining (1395911) | about a year ago | (#42255759)

Bruce Schneider just facepalmed. How many times do you people need to be told client side security doesn't work? Of course the Windows 8 store got hacked: No matter how much you try to lock it down, all you're doing is just giving some bored teenagers and underemployed/unemployed programmers something to challenge them. The Playstation 3 had some very advanced client-side security. It still got broken. It took them awhile, but it fell, as all client side security must. If you have physical access to the hardware, you own it. It may take a mod chip, it may take a special program, or technical knowledge, but the problem is one that although the skillset required to hack it may be highly specialized, once that single success happens, everybody reaps the benefits within hours to months. And there are far more bored engineers than there are DRM proponents. All client-side DRM has ever accomplished is frustrating and annoying paying customers.

This isn't news. This isn't even interesting. Hell, let's be honest here -- how many of you work at a company that has plans to migrate to Windows 8? Support it for people who have it at home? How many of you are planning on making it your primary operating system?

I see very few hands. This operating system exploded on the launch pad. It's an attempt to emulate Apple, and they botched it so hard that senior Microsoft executives will be getting handed pink slips by the end of next year -- I'd wager serious money on that. Microsoft lost its ability to innovate awhile ago... now it just follows where the market goes, maintaining a profit margin but never pushing the margins of the technology. The reasons for this are many and beyond the scope of this post...

But don't act surprised when someone cracks a client-side security scheme. No implementation of it has denied a determined attacker with the resources of a private individual or (at worst) a small company to date. It has a fundamental design flaw that cannot be corrected.

Re:Bruce (2, Informative)

Anonymous Coward | about a year ago | (#42255807)

Bruce Schneider just facepalmed.

Why should anyone care what the brother of Rob Schneider thinks?

Or did you perhaps mean Bruce Schneier?

Re:Bruce (3, Insightful)

PhrostyMcByte (589271) | about a year ago | (#42255869)

How many times do you people need to be told client side security doesn't work?

Client-side security is like a lock on your front door. It's there to keep people honest, not to keep people out. Clearly it was not targeting people like Mr. Angel.

Re:Bruce (1)

Anonymous Coward | about a year ago | (#42255967)

More like a lock on a room inside of the house you bought. People these days go as far as to sell you houses with locked rooms, and have the gall to take offense when people break them open.

Re:Bruce (1, Insightful)

LordLucless (582312) | about a year ago | (#42255977)

No, client-side security is like someone else putting a lock on your front door. It's there to extort a profit out of you, not provide you with any benefit. People are clearly justified in ripping the damn thing off their property, and people like Mr. Angel should be praised for showing them how.

Re:Bruce (2, Interesting)

Arker (91948) | about a year ago | (#42256059)

As another poster already aptly pointed out, it's more like a lock inside your house to prevent you from accessing some of the rooms without paying an additional 'unlocking fee.' Anyone who tries that kind of scam shouldn't be surprised if the homeowner avails himself of a less expensive method of unlocking.

Re:Bruce (1)

Nefarious Wheel (628136) | about a year ago | (#42256425)

That used to be quite common. IBM practiced it when they'd sell nobbled DASD (disk, to you young whippersnappers) that could be upgraded for a healthy fee and a tech to remove a pin from the device.

Re:Bruce (1)

Anonymous Coward | about a year ago | (#42256427)

As another poster already aptly pointed out, it's more like a lock inside your house to prevent you from accessing some of the rooms without paying an additional 'unlocking fee.'

It's not like that at all, if you buy a house you own the house not just some rooms of the house, if you buy a license to trial software you don't own a license to the full version, it's a pretty simple concept.
It's more like renting a room in a house, that doesn't entitle you to just take over the whole house just because you can.

Re:Bruce (1)

dbIII (701233) | about a year ago | (#42256137)

This isn't news. This isn't even interesting. Hell, let's be honest here -- how many of you work at a company that has plans to migrate to Windows 8? Support it for people who have it at home? How many of you are planning on making it your primary operating system?

I have to admit at this point that I've never even seen it. However, the only bit of software that I support that runs in a Microsoft environment couldn't even run in Win7 until around this time last year. While I purchased Win7 to use at home I only use it for Skyrim (I don't know if I can blame the game or the OS, but together they end up as a buggy piece of shit that crashes every now and again with very poor multi-monitor support - worse than the Matrox desktop manager in win2k!).

Re:Bruce (0)

Anonymous Coward | about a year ago | (#42256411)

Odd, I play Skyrim on Windows 7 x64 using a Radeon 6970 with 3 monitors (eyefinity) without any issues. Well, I do use Flawless Widescreen, but come on, if you are a gamer you should already know that program exists.

Re:Bruce (1)

westlake (615356) | about a year ago | (#42256623)

The Playstation 3 had some very advanced client-side security. It still got broken. It took them awhile, but it fell, as all client side security must.

It took about five years.

It happens at the risk of civil and criminal prosecution. Digital Millennium Copyright Act [wikipedia.org]

I'll take "server side" as implying at least three components that are going to limit the geek's options dramatically: the always-on internet connection, the app-store and hardware that is much less physically accessible.

Grey Bar Hotel, yes? (0, Offtopic)

Frosty Piss (770223) | about a year ago | (#42255761)

Naturally Microsoft will have him arrested, right? Right? I mean, if it were some random hacker they would, right? 15 years in the Grey Bar Hotel?

Steve Ballmer is gonna be pissed (4, Insightful)

WiiVault (1039946) | about a year ago | (#42255785)

I really hope Nokia realized that when they sold their soul to MS they don't get to say what they want anymore. They are tied to a much stronger company, who literally controls their only chance at having any relevance in smartphones. When they had options, and in-house OS production they might have been able to say what they wanted, and risk souring one of many relationships. Now it's all the eggs in one place, with a company not known for treating even perfect partners with an ounce of respect.

Internal conflict? (2)

fufufang (2603203) | about a year ago | (#42255797)

I wonder if this guy hates his job/Nokia/Microsoft. I meant if he loves his company, he should have contacted Microsoft, and get fixed, then perhaps gets some street cred by publishing some news report.

I am not sure if this kind of activity would sour the relationship between Microsoft and Nokia. Perhaps that's actually his goal.

Re:Internal conflict? (1)

SmlFreshwaterBuffalo (608664) | about a year ago | (#42255879)

I wonder if this guy hates his job/Nokia/Microsoft. I meant if he loves his company, he should have contacted Microsoft, and get fixed, then perhaps gets some street cred by publishing some news report.

I am not sure if this kind of activity would sour the relationship between Microsoft and Nokia. Perhaps that's actually his goal.

Maybe he did contact Microsoft and they ignored him. Maybe he felt whistle-blowing was the only way to get this fixed.

Re:Internal conflict? (0)

CanadianRealist (1258974) | about a year ago | (#42255893)

I'm sure if he contacted Microsoft they could have easily fixed this. It's not like their whole security model was based on some simple idea that is just completely flawed, right.

They could swap the meanings of "Trial" and "Full" in the XML attribute. Then when those clever hackers thought they were pirating the app they would really be turning their full version of the app into a trial version. I think I should patent this new security system I've devised.

Re:Internal conflict? (1)

dbIII (701233) | about a year ago | (#42256145)

His job is probably doomed anyway and the relationship turned pretty sour when MS orphaned Nokia's Win7 phones.

Re:Internal conflict? (2)

cbhacking (979169) | about a year ago | (#42256371)

Why do you think this even *can* be fixed? Windows 8 and Windows RT come with full Admin access. They're rooted by design; there's nowhere you can hide a DRM setting (and that's all this is) that it can't be found and changed. Worst case, you can always just attach a debugger to the application (locally on Win8, using the remote debugger tools on Windows RT) and go to town.

While I'm a little surprised that an employee of a MS partner such as Nokia would publish something like this, there's really nothing MS could do about it. This type of thing is a bit harder on Android, where you typically don't have root access right off the bat, and a lot harder on iOS or most consoles, where you're not supposed to have any access to the system at all except through the approved channels, but on desktop/laptop/tablet versions of Windows or OS X or Linux or *BSD or whatever, it's only a matter of finding the switch; you already know you have the permissions to access and modify it.

Re:Internal conflict? (0)

Anonymous Coward | about a year ago | (#42256523)

Why do you think this even *can* be fixed? Windows 8 and Windows RT come with full Admin access. They're rooted by design; there's nowhere you can hide a DRM setting (and that's all this is) that it can't be found and changed. Worst case, you can always just attach a debugger to the application (locally on Win8, using the remote debugger tools on Windows RT) and go to town.

Yeah damn them and their lack of total lockdown! FWIW I agree, outside of total lockdown these issues will persist.

Title correction. (0)

Anonymous Coward | about a year ago | (#42255803)

It should have read ex-Nokia engineer.

Nothing new here.. (1)

Anonymous Coward | about a year ago | (#42255815)

Anyone remember Ultima? I used to hex edit my stats and inventory to get items all the time.

Re:Nothing new here.. (1)

mark-t (151149) | about a year ago | (#42256041)

What on earth would the point of that be?

Ultima was solitaire.

How bad does it have to get to feel like you need to cheat at solitaire?

Re:Nothing new here.. (4, Interesting)

mpicker0 (411333) | about a year ago | (#42256243)

On the C-64 version of Ultima IV, you could flip the floppy disc upside down and then move your character until the next portion of the map was loaded. It read data directly off the disc with no validation, because the map squares then had all kinds of random items on them, a good number of which were treasure chests. As soon as you got enough gold, you just flipped the disc back over and played normally.

Exemplary programming (1)

darkfeline (1890882) | about a year ago | (#42255849)

From the summary: It's just a matter of downloading an open-source app and changing an XML attribute from 'Trial' to 'Full.'

Er, what? Come again? I don't even know what to say, my mind has already been blown across the room. This is like Sony including the PS3 master key in a ROM chip in every console they've shipped. The mind, it boggles.

Re:Exemplary abstraction (3)

Tackhead (54550) | about a year ago | (#42255959)

From the summary: It's just a matter of downloading an open-source app and changing an XML attribute from 'Trial' to 'Full.'

But it's XML. The framework doesn't let anybody do that! Why would anyone mess around with a text editor, or grep for strings like "trial"? You don't need a filesystem, you just need <QUANTITY="MOAR">XML</QUANTITY>. Separate your data from the presentation and the application, and let some other level of abstraction deal with everything else.

"The more they overthink the plumbing, the easier it is to stop up the drain."
- Commander Montgomery Scott (Ret.)

Re:Exemplary programming (0)

Arker (91948) | about a year ago | (#42256179)

What's truly shocking here is that you apparently have to 'download an open source app' to get a simple text editor. What a broken system! You would think basics like vi would come pre-installed with the OS in this day and age, they can't even get that right?!?

Re:Exemplary programming (1)

cbhacking (979169) | about a year ago | (#42256395)

You don't have to do any such thing. It's easier if you use a tool built for the purpose, but you can use Notepad or fucking edlin if you want to.

Re:Exemplary programming (1)

_merlin (160982) | about a year ago | (#42256399)

You would think basics like vi would come pre-installed with the OS in this day and age, they can't even get that right?!?

Scarily, even Fedora doesn't have vi installed by default these days. One has to install it using the package manager.

Re:Exemplary programming (0)

Anonymous Coward | about a year ago | (#42256657)

What's truly shocking here is that you apparently have to 'download an open source app' to get a simple text editor. What a broken system!

The broken system is your cognitive ability to comprehend the situation. Hint: the 'open source app' is *not* a text editor.

You would think basics like vi would come pre-installed with the OS in this day and age, they can't even get that right?!?

They do, but you can't even seem to get your criticisms right.

It's All Source (1)

TranquilVoid (2444228) | about a year ago | (#42255873)

isn't this really an issue that is intrinsic to all installed applications?

Yes, even assembly can still be considered source code. That's why a lot of software is moving to a client-server architecture, especially commonly-pirated items like games.

Re:It's All Source (1)

Arker (91948) | about a year ago | (#42256091)

Yes, even assembly can still be considered source code

Nominating this for unintentional face-desk post of the day. Of course assembler isn't just 'considered' source code it is source code, or rather a language in which source code is written. Not sure what they are teaching (or smoking) in school these days but that made no sense at all. It's like saying 'the sky can still be considered blue.' Only sometimes the sky isn't blue, so even that analogy was too weak.

Oh my God it's full of bytes! (1)

dbIII (701233) | about a year ago | (#42256183)

Of course assembly is source code. I take it you meant the binaries instead.
The terminology doesn't help much though since a "disassembler" actually produces readable assembly from the binaries :)

Re:Oh my God it's full of bytes! (0)

Anonymous Coward | about a year ago | (#42256535)

'readable', as an assembly programmer, I take offense. The difference between hand-written and annotated assembly code, and automatically disassembled compiler generated code is night and day. Sure, by a combination of careful scrutiny and debugging you can annotate disassembled code to get something 'readable', but that doesn't at all imply that the immediate output of a disassembler is 'readable'. Also written assembly code is full of macros and symbolic names that make it far easier to understand than for example "MOVL EAX, RSP+40h"

Can he show how to... (4, Funny)

Brad1138 (590148) | about a year ago | (#42255917)

Roll Windows 8 back to Windows 7?

Re:Can he show how to... (0)

Anonymous Coward | about a year ago | (#42256129)

"dd if=/dev/zero of=/dev/hda bs=1M" ...er wait I meant "format c:"

Re:Can he show how to... (0)

Anonymous Coward | about a year ago | (#42256159)

I think you misspelled "XP"

Re:Can he show how to... (1)

Anonymous Coward | about a year ago | (#42256423)

You just can't handle chaaaaaange!

(There. Now, can I have my 12 Ballmer Bucks, or whatever a brief shill post is worth these days?)

Let that be a lesson to developers (1)

drkstr1 (2072368) | about a year ago | (#42255965)

This is not a failing of the ecosystem, but of the propensity of app developers to trust client side data. The client is a dirty evil little thing, and under no circumstances would it be a good idea to grant it access to precious server side resources (such as in game purchases) without validating the request against private data (e.g. an auth token).
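An added illustration of the server-side validation this comment describes (not code from the thread, from Justin Angel's write-up, or from any app mentioned): the server, not the client, decides what a purchase grants, and every request is checked against a secret the client never holds. The key, catalogue, receipt fields and `GameServer` class are hypothetical.

```python
import hashlib
import hmac
import json

# Assumption: a secret shared only by the payment backend and the game server.
# It never ships inside the client package (constructed demo value).
RECEIPT_KEY = b"constructed-demo-key-not-a-real-secret"

# Server-side catalogue: what a product grants is decided here and is never
# read from the request, so editing a local file or request field changes nothing.
CATALOG = {"credits_small": 1_000, "credits_large": 50_000}


def sign_receipt(receipt):
    """Payment-backend side: MAC over a canonical encoding of the receipt."""
    body = json.dumps(receipt, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(RECEIPT_KEY, body, hashlib.sha256).hexdigest()


class GameServer:
    def __init__(self):
        self.balances = {}     # player id -> credits (the authoritative copy)
        self.redeemed = set()  # receipt ids already used (replay guard)

    def redeem(self, player, receipt, mac):
        """Validate a purchase receipt; return (accepted, reason)."""
        # 1. Authenticity: only the payment backend can produce a valid MAC.
        expected = sign_receipt(receipt).encode()
        if not isinstance(mac, str) or not hmac.compare_digest(expected, mac.encode()):
            return False, "bad signature"
        # 2. Binding: a receipt is only good for the player it was issued to.
        if receipt.get("player") != player:
            return False, "receipt belongs to another player"
        # 3. Replay: each receipt id is honoured once.
        receipt_id = receipt.get("receipt_id")
        if receipt_id in self.redeemed:
            return False, "receipt already redeemed"
        # 4. Amount: looked up server-side from the product id.
        product = receipt.get("product")
        if product not in CATALOG:
            return False, "unknown product"
        self.redeemed.add(receipt_id)
        self.balances[player] = self.balances.get(player, 0) + CATALOG[product]
        return True, "ok"


def demo():
    """Run constructed requests through the server and collect the verdicts."""
    server = GameServer()
    receipt = {"receipt_id": "r-0001", "player": "alice", "product": "credits_small"}
    mac = sign_receipt(receipt)

    results = [
        server.redeem("alice", receipt, mac),    # legitimate purchase
        server.redeem("alice", receipt, mac),    # same receipt sent again
    ]
    # Client edits the receipt to claim the larger product but cannot re-sign it.
    tampered = dict(receipt, receipt_id="r-0002", product="credits_large")
    results.append(server.redeem("alice", tampered, mac))
    # Another player presents alice's receipt and MAC.
    results.append(server.redeem("mallory", receipt, mac))
    return results, server.balances


if __name__ == "__main__":
    for verdict in demo()[0]:
        print(verdict)
```
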

"They'll get addicted, and then we'll collect" (0)

Anonymous Coward | about a year ago | (#42255993)

"They'll get addicted, and then we'll collect" - Bill Gates

Well, Nokia collects anyway unless people pirate the phones too.

Re:"They'll get addicted, and then we'll collect" (1)

AHuxley (892839) | about a year ago | (#42256143)

Yes that's the usual plan. A long cheap 'beta' trial where it's all open, fun and fast.
Then the production houses are tooled up, renting the software per seat/core.
The end user walks around staring at the MS logo as they smile over the 'deal' they got.
The boss gets addicted to seeing and making changes on the go.
Slowly the system gets bloated, more expensive and more closed.

Re:"They'll get addicted, and then we'll collect" (1)

viperidaenz (2515578) | about a year ago | (#42256439)

Nokia collects on everyone, since they own a bunch of patents that the cellphone standards are based on.

Yes, these cracks happen to all the codes. (1)

140Mandak262Jamuna (970587) | about a year ago | (#42256013)

In most third world countries you can buy a 1 TB hard disk filled with cracked versions of all kinds of software. Price is cheaper for the Bring Your Own Harddisk deals. Everything from Maya, Adobe Illustrator, video editors all the way to strange things like Serenade 7.0 circuit simulator from Compact Software or Star-CCM++ mesher, whatever the hell that is. CAD/CAM tools blah blah blah... everything. So not surprised by the fact someone cracked it. What surprised me was that it is as simple as reading the file in, and changing an XML attribute of an entity with off-the-shelf tools, not something complicated like the black-orifice cracker/debugger. Reminds me of the early days in Web commerce where a site was submitting the price and quantity in an open form. People could just modify the html page and submit orders with spurious (and low) price.

Re:Yes, these cracks happen to all the codes. (1)

Bengie (1121981) | about a year ago | (#42256169)

Embrace: 3rd world countries supply HDs full of pirated software
Extend: Make easy to pirate over a digital distribution platform
Extinguish: No more demand for re-sellers of pirated HDs

and soon all systems will have a DRM chip and linu (0)

Joe_Dragon (2206452) | about a year ago | (#42256055)

and soon all systems will have a DRM chip and linux / other non app store as well a adult stuff will be locked out.

Re:and soon all systems will have a DRM chip and l (1)

mjwx (966435) | about a year ago | (#42256227)

and soon all systems will have a DRM chip and linux / other non app store as well a adult stuff will be locked out.

Secured boot loaders didn't work that well on Android.

The more prolific a restrictive device/process the faster it will be cracked. The locked bootloaders were only on a small number of Motorola Android phones and they were cracked in short order. IOS gets cracked mere days after its release and most video game DRM systems are cracked prior to release day.

Well once you read it (1)

jameshofo (1454841) | about a year ago | (#42256177)

If you actually read his blog then it might become rather obvious that this comes off as more of an academic exercise rather than "oh my god look how bad windows 8 is!". But Microsoft should be happy about this, now they have proof, to point to that the reason applications in Windows 8 aren't selling so hot is not because the operating system is starting out as unpopular but because everyone knows how easy it is to pirate their apps! Don't forget he used free open source software too! har

You are all breaking the law. (1, Funny)

mtrachtenberg (67780) | about a year ago | (#42256275)

Attention Slashdot,

On behalf of the DoJ (*) and the FBI (**), I must inform you that your link to instructions on changing an XML file are in violation of any number of laws, judicial opinions, and fantasies of various American politicians. Cease! Desist! Guantanamo remains open.

(*) Dumb oily jerks
(**) Folks bu****it inspired (***)
(***) Yeah, you can do better.

worryingly? (1)

epyT-R (613989) | about a year ago | (#42256279)

I'm not worried. Why would I want ads in my applications? These web 2.0 idiots need to stop trying to take control of my computer away from me.

A Matter of Perspective (4, Funny)

MacGyver2210 (1053110) | about a year ago | (#42256437)

I prefer to use the term "Freedom Vectors" rather than "Attack Vectors". It's more honest to what you're actually doing.

Client side security (0)

Anonymous Coward | about a year ago | (#42256601)

I am surprised that unlocking trials is as easy as it is, but software developers have always had their own way of security trials. There's no reason why software developers can't continue using better trialware.
