Nokia Engineer Shows How To Pirate Windows 8 Metro Apps, Bypass In-app Purchases
MrSeb writes "The principal engineer for Nokia's WP7 and WP8 devices, Justin Angel, has demonstrated, in rather frank detail, how to pirate Windows 8 Metro apps, how to bypass in-app purchases, and how to remove in-game ads. These hacks aren't exactly easy, but more worryingly they're not exactly hard either. Angel shows that turning a trial version of a Metro app into the full version — i.e. pirating an app — is scarily simple. It's just a matter of downloading an open-source app and changing an XML attribute from 'Trial' to 'Full.' Likewise, a quick change to a XAML file can remove an app's ads. Bypassing in-app purchases is a little trickier, involving some reverse engineering of some DLLs and decryption of database files, but Angel still makes it look fairly easy. Angel gives himself one million credits in Soulcraft, an RPG game — something that would cost you over a thousand dollars, if you performed a legitimate in-app purchase. Angel also demonstrates a way to bypass in-app purchases in WinJS (Metro/JavaScript) apps, by injecting scripts into IE10 (the rendering engine for WinJS apps). It's easy to blame Microsoft for this, but isn't this really an issue that is intrinsic to all installed applications? The fact is, Windows 8 Metro apps are stored on your hard drive — and this means that you have access to the code and data. Hex editors, save game editors, bypassing Adobe's 30-day trials by replacing DLL files, pirating Windows 8 apps — these are all just different incarnations of the same attack vectors."
Attack vector? (Score:5, Interesting)
There's no attack here. Somebody's modifying software on his own machine for his own use.
Re:Attack vector? (Score:5, Funny)
Both of them?
Re: (Score:3)
120 000 guys who got a free lunch from MS != developers
It's an attack vector. Modifying code to operate outside its intended design is an attack, whether that's bypassing a wheel code for Might and Magic II, or changing the trial version of Windows 8 to a full version. They are forms of attack.
And with app games, you could be impacting people other than yourself.
Re:Attack vector? (Score:5, Insightful)
Re: (Score:2)
Failed analogy. You're not operating in any public space if you modify code in your computer.
Re: (Score:3)
You're not operating in any public space if you modify code in your computer.
But you are still breaking the terms of the license agreement...which I assume is the point.
Who do you think you are kidding? (Score:4, Interesting)
There's no attack here. Somebody's modifying software on his own machine for his own use
Without paying for it.
Some would call it a hack, others simply theft.
The geek earns his bad press. That is how he loses control over the meaning of words like hack and hacking.
Re:Who do you think you are kidding? (Score:4, Insightful)
If you just want to offer a trial, don't give us the entire app maybe?
So costs go up for everyone, just because some people have an entitlement complex. Way to refute parent.
Re: (Score:3)
Hacking != theft.
If you walk into a grocery store, are handed a free sample of a loaf of bread, then somehow alter that sample to magically grow into a full sized loaf of bread, is that theft?
Theft analogies don't apply to software.
Re: (Score:2)
It sounds awfully like DRM. After all, the app is trying to put certain restrictions on you (the R in DRM), and you circumvent them. That's all.
The trial/full issue: that can be done because they are essentially the same version. To go from trial version to full version, only a configuration key needs to be changed, and you're good. The real solution to this issue is for the developer to have two versions - and upon upgrade to the full version, a different piece of software is installed. That's also what I
Shoot the messenger, quick! (Score:2)
Nokia is more or less owned by Microsoft so...
Bruce (Score:5, Insightful)
Bruce Schneider just facepalmed. How many times do you people need to be told client side security doesn't work? Of course the Windows 8 store got hacked: No matter how much you try to lock it down, all you're doing is just giving some bored teenagers and underemployed/unemployed programmers something to challenge them. The Playstation 3 had some very advanced client-side security. It still got broken. It took them a while, but it fell, as all client side security must. If you have physical access to the hardware, you own it. It may take a mod chip, it may take a special program, or technical knowledge, but the problem is one that although the skillset required to hack it may be highly specialized, once that single success happens, everybody reaps the benefits within hours to months. And there are far more bored engineers than there are DRM proponents. All client-side DRM has ever accomplished is frustrating and annoying paying customers.
This isn't news. This isn't even interesting. Hell, let's be honest here -- how many of you work at a company that has plans to migrate to Windows 8? Support it for people who have it at home? How many of you are planning on making it your primary operating system?
I see very few hands. This operating system exploded on the launch pad. It's an attempt to emulate Apple, and they botched it so hard that senior Microsoft executives will be getting handed pink slips by the end of next year -- I'd wager serious money on that. Microsoft lost its ability to innovate a while ago... now it just follows where the market goes, maintaining a profit margin but never pushing the margins of the technology. The reasons for this are many and beyond the scope of this post...
But don't act surprised when someone cracks a client-side security scheme. No implementation of it has denied a determined attacker with the resources of a private individual or (at worst) a small company to date. It has a fundamental design flaw that cannot be corrected.
Re: (Score:2, Informative)
Bruce Schneider just facepalmed.
Why should anyone care what the brother of Rob Schneider thinks?
Or did you perhaps mean Bruce Schneier?
Re:Bruce (Score:4, Insightful)
How many times do you people need to be told client side security doesn't work?
Client-side security is like a lock on your front door. It's there to keep people honest, not to keep people out. Clearly it was not targeting people like Mr. Angel.
Re: (Score:2, Insightful)
No, client-side security is like someone else putting a lock on your front door. It's there to extort a profit out of you, not provide you with any benefit. People are clearly justified in ripping the damn thing off their property, and people like Mr. Angel should be praised for showing them how.
Re: (Score:2)
That used to be quite common. IBM practiced it when they'd sell nobbled DASD (disk, to you young whippersnappers) that could be upgraded for a healthy fee and a tech to remove a pin from the device.
Re: (Score:3)
Many of IBM's mainframe systems work in a similar way.
It gets delivered and installed at your location loaded with resources, as well as a modem and phone line to contact IBM.
If you purchase a certain number of CPUs, RAM, and storage, the actual hardware has much more in it only disabled.
When the system detects a hardware failure, it can disable the failed device and use a spare. Saves a trip for a tech most times.
When you call up IBM to upgrade your hardware, they can change some settings and woot you are
Re: (Score:2)
I have to admit at this point that I've never even seen it. However, the only bit of software that I support that runs in a Microsoft environment couldn't even run in Win7 until around this time last year. While I purchased Win7 to use at home I
Re: (Score:2)
The Playstation 3 had some very advanced client-side security. It still got broken. It took them awhile, but it fell, as all client side security must.
It took about five years.
It happens at the risk of civil and criminal prosecution. Digital Millennium Copyright Act [wikipedia.org]
I'll take "server side" as implying at least three components that are going to limit the geek's options dramatically: the always-on internet connection, the app-store and hardware that is much less physically accessible.
Re:Bruce (Score:5, Insightful)
It wasn't cracked for five years because it was wide open for the first few, until Sony decided that they needed to be a douche and screw people out of using a feature that they had paid for.
Steve Ballmer is gonna be pissed (Score:5, Insightful)
Internal conflict? (Score:3)
I wonder if this guy hates his job/Nokia/Microsoft. I mean, if he loves his company, he should have contacted Microsoft and got it fixed, then perhaps got some street cred by publishing some news report.
I am not sure if this kind of activity would sour the relationship between Microsoft and Nokia. Perhaps that's actually his goal.
Re: (Score:2)
I wonder if this guy hates his job/Nokia/Microsoft. I mean, if he loves his company, he should have contacted Microsoft and got it fixed, then perhaps got some street cred by publishing some news report.
I am not sure if this kind of activity would sour the relationship between Microsoft and Nokia. Perhaps that's actually his goal.
Maybe he did contact Microsoft and they ignored him. Maybe he felt whistle-blowing was the only way to get this fixed.
Re: (Score:3)
Why do you think this even *can* be fixed? Windows 8 and Windows RT come with full Admin access. They're rooted by design; there's nowhere you can hide a DRM setting (and that's all this is) that it can't be found and changed. Worst case, you can always just attach a debugger to the application (locally on Win8, using the remote debugger tools on Windows RT) and go to town.
While I'm a little surprised that an employee of a MS partner such as Nokia would publish something like this, there's really nothing MS
Re: (Score:2)
Why do you think this even *can* be fixed? Windows 8 and Windows RT come with full Admin access. They're rooted by design
It's not quite full access. Try disabling code signature check (to run arbitrary desktop apps, not just those signed with MS key) to see what I mean.
Sooner or later, that's going to be circumvented, too - some folk over on XDA are working on it [xda-developers.com] - but, so far, they haven't cracked it.
By design (Score:5, Insightful)
How else would they increase their user base?
Hacker show they can hack software (Score:2)
News at 11.
It's All Source (Score:2)
isn't this really an issue that is intrinsic to all installed applications?
Yes, even assembly can still be considered source code. That's why a lot of software is moving to a client-server architecture, especially commonly-pirated items like games.
Re: (Score:2)
Nominating this for unintentional face-desk post of the day. Of course assembler isn't just 'considered' source code, it is source code, or rather a language in which source code is written. Not sure what they are teaching (or smoking) in school these days, but that made no sense at all. It's like saying 'the sky can still be considered blue.' Only sometimes the sky isn't blue, so even that analogy was too weak.
Oh my God it's full of bytes! (Score:2)
The terminology doesn't help much though since a "disassembler" actually produces readable assembly from the binaries
Re: (Score:2)
Yes, you're both right, I meant raw binaries.
Can he show how to... (Score:5, Funny)
Let that be a lesson to developers (Score:2)
what about porting app store apps to 7? (Score:2)
what about porting app store apps to 7?
Yes, these cracks happen to all the codes. (Score:2)
Re: (Score:2)
Extend: Make easy to pirate over a digital distribution platform
Extinguish: No more demand for re-sellers of pirated HDs
Why is this "worrying" or "scary"? (Score:2)
n/t
You are all breaking the law. (Score:2, Funny)
Attention Slashdot,
On behalf of the DoJ (*) and the FBI (**), I must inform you that your link to instructions on changing an XML file are in violation of any number of laws, judicial opinions, and fantasies of various American politicians. Cease! Desist! Guantanamo remains open.
(*) Dumb oily jerks
(**) Folks bu****it inspired (***)
(***) Yeah, you can do better.
worryingly? (Score:2)
I'm not worried. Why would I want ads in my applications? These web 2.0 idiots need to stop trying to take control of my computer away from me.
Re: (Score:2)
The folly is: you thought you had control in the first place.
A Matter of Perspective (Score:5, Funny)
I prefer to use the term "Freedom Vectors" rather than "Attack Vectors". It's more honest to what you're actually doing.
The problem with pirating.... (Score:5, Interesting)
...Win8 apps, is that you still wind up with Windows 8 apps.
I have to speculate on the motivation behind this how-to guide. Microsoft has known for a long time that piracy fuels market share. Bill Gates said so publicly in 1998, and every time Ballmer hops up and down about turning the copyright protection knob to 11, saner minds prevail and he shuts up.
This hasn't been released without behind-the-scenes official blessing and encouragement from Microsoft.
--
BMO
Poor move (Score:3)
Publishing this seems like a pretty pathetic move to boost Win8 Sales
"Look! You now even can get Apps for free for Win8"
Remember MS-DOS? (Score:3)
Remember MS-DOS? It was this upstart operating system which came basically without copy protection for either itself or the software that ran on it; it became quite popular.
Now we have Win8/RT/whatever, which is an upstart operating system in the mobile world which comes basically without copy protection for itself or the software that runs on it...
Those ads bug me (Score:3)
No, it's not. (Score:3)
> It's easy to blame Microsoft for this, but isn't this really an issue that is intrinsic to all installed applications?
No one read John Carmack's "don't let the client control anything" screed several years back, about how gaming systems cannot let the client code *know* or *control* things, because then it could be replaced with something that would cheat on the user's behalf, by looking around corners for bad guys and such?
This is the same exact thing, as far as I can see...
http://www.catb.org/esr/writings/quake-cheats.html [catb.org]
Re:I detect spin... (Score:5, Funny)
SPIN? Of course you can do these on other platforms! Article is clearly an M$ shill.
Anonymous Coward = ... (Score:4, Funny)
Anonymous Coward = Anonymous Coward
Re:I detect spin... (Score:5, Insightful)
It's nothing that hasn't been done for as long as I've used computers.
Yes, you can change code and work around everything.
SecureBoot with a fully trusted chain makes it impossible ... right up until an exploit is found in the chain.
Cracking isn't new, and this isn't particularly impressive. Not that credit isn't due for pointing it out, the guy is the 'First Post' so to speak, but other than that, it's just 'meh, I did this when I was 15' and it was harder then, as programmers weren't so lazy as to store things in easily editable unsigned XML files, since MOST people using computers had a bit of a clue.
Re:I detect spin... (Score:5, Funny)
I did this when I was 15'...
Damn! How tall are you now?
Re: (Score:2, Insightful)
Another victim of our failing educational system...
Re: (Score:2, Informative)
Another victim of our failing educational system...
The fact the measurement is still in Imperial units in 2012 indicates it failed a long, long time ago.
Re: (Score:2)
Canada. We advertise fuel economy in both L/100km and mpg (Imperial)
Re: (Score:3)
Only because the MPG rating allows comparisons with US ratings often published in Canada as well.
Meanwhile, the USA has officially been metric for years but posts speeds in mph.
Re: (Score:3)
We use *Imperial* gallons in our fuel efficiency ratings. The numbers cannot be compared directly to US gallons, as there are ~4.5 liters per Imperial gallon, and 3.785 liters per US gallon.
Re: (Score:2)
Canada uses Imperial gallons, not US for fuel economy.
http://en.wikipedia.org/wiki/Gallon [wikipedia.org]
Re: (Score:2)
"Meanwhile, the USA has officially been metric for years but posts speeds in mph."
You didn't say Imperial was metric, but you kind of implied it, intentionally or not. Which might confuse people. So, to clarify:
"Imperial" units have nothing whatever to do with the metric system, just as the old U.S. SAE system also had little to do with the metric system. Imperial units are a third measurement system, separate from both U.S. and metric.
Re:I detect spin... (Score:5, Funny)
[oblig]: Handy fact: "miles-per-gallon" (Imperial gallons mind you) is equivalent to "furlongs-per-pint" :)
I'll get my coat ...
Re: (Score:2)
Because it's a world market, and everyone using metric would save a lot of labelling, speeds things up by not requiring mental or calculated conversions, prevent expensive and wasteful mistakes (ex. probe slamming into mars instead of landing on it) from people not realizing the others are using a different system, etc, etc.
You couldn't figure that one out on your own?
Re:I detect spin... (Score:5, Funny)
I did this when I was 15'...
Damn! How tall are you now?
That's not his height. He meant to say he was 15 minutes [answers.com] old then.
Re: (Score:3)
15 minutes of angle old? That's... an odd way to put it?
Re: (Score:3)
Yes, you can change code and work around everything.
SecureBoot with a fully trusted chain makes it impossible
It could make it impossible, but it does not - Win8 does not encrypt the installed apps, nor does it restrict the user from modifying them (the default account permissions do not allow access, but you can always elevate to admin and override them). No rooting required.
So in this case the curious part is not that it's modifiable, but rather how easy it is. Especially with HTML5/JS apps, where you can literally edit the code in-place (no surprise there).
IIRC, this used to be the case for Android as well, but
Re: (Score:3)
Encryption isn't required. Digital signatures will do the trick. Sure, modify away. Doesn't mean it'll get loaded as soon as the signature check fails.
Encryption isn't even useful. The decryption keys MUST be there in order for it to be run, so all you're doing is slowing things down for no benefit.
Digital signatures on the other hand, do accomplish the goal without providing the keys required to create new signatures.
Without looking, I'd wager what you mean is that Android uses digital signatures now m
Re: (Score:3)
Encryption is useful if you want to prevent reverse engineering, and not just modification. And, of course, with private key encryption, you don't have to provide the keys required to encrypt more binaries.
Re:I detect spin... (Score:5, Insightful)
If you're capable of reverse engineering the program itself, then you are also capable of reverse engineering the program that decrypts it so you can extract the keys anyway. Encryption would never be more than a minor nuisance for someone wanting to reverse engineer programs.
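The two designs argued over in this subthread, and the 'Trial' to 'Full' attribute flip from the summary, side by side as an added example. This is not code from the article, from Justin Angel, or from Microsoft: the XML shape (a License element with AppId and Type attributes, wrapped in a SignedLicense with a Signature element), the canonical byte layout that gets signed, the use of Ed25519, and the app id are all assumptions made for illustration, not the real Windows Store license format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/xml"
	"errors"
	"strings"
)

// License stands in for the per-app record the summary describes, where one attribute
// decides Trial versus Full. Names are hypothetical, not the real Windows Store schema.
type License struct {
	XMLName xml.Name `xml:"License"`
	AppID   string   `xml:"AppId,attr"`
	Type    string   `xml:"Type,attr"` // "Trial" or "Full"
}

// SignedLicense carries the same record plus an Ed25519 signature issued by the store.
type SignedLicense struct {
	XMLName   xml.Name `xml:"SignedLicense"`
	License   License  `xml:"License"`
	Signature string   `xml:"Signature"` // base64 of the raw signature bytes
}

// canonical fixes the exact bytes that get signed, so every field is covered.
func canonical(l License) []byte { return []byte(l.AppID + "\x00" + l.Type) }

// weakIsFull is the check the article shows being defeated: trust whatever is on disk.
func weakIsFull(doc []byte) (bool, error) {
	var l License
	if err := xml.Unmarshal(doc, &l); err != nil {
		return false, err
	}
	return l.Type == "Full", nil
}

// issue runs on the store side; the private key never ships with the app.
func issue(priv ed25519.PrivateKey, l License) ([]byte, error) {
	sig := base64.StdEncoding.EncodeToString(ed25519.Sign(priv, canonical(l)))
	return xml.Marshal(SignedLicense{License: l, Signature: sig})
}

// verifiedIsFull runs on the client, which holds only the public key; any edit to the
// license fields breaks the signature, so the Type attribute is no longer free to flip.
func verifiedIsFull(pub ed25519.PublicKey, doc []byte) (bool, error) {
	var sl SignedLicense
	if err := xml.Unmarshal(doc, &sl); err != nil {
		return false, err
	}
	sig, err := base64.StdEncoding.DecodeString(sl.Signature)
	if err != nil {
		return false, err
	}
	if !ed25519.Verify(pub, canonical(sl.License), sig) {
		return false, errors.New("license signature does not verify")
	}
	return sl.License.Type == "Full", nil
}

// flipTrialToFull is the article's one-line edit, applied to the raw file bytes.
func flipTrialToFull(doc []byte) []byte {
	return []byte(strings.Replace(string(doc), `Type="Trial"`, `Type="Full"`, 1))
}

// DemoResult records what each check concludes for the original and the edited file.
type DemoResult struct {
	WeakTrial, WeakTampered     bool
	SignedTrial, SignedTampered bool
	TamperedRejected            bool // verifier returned an error on the edited signed file
}

// Demo runs both designs against a constructed trial license and its tampered copy.
func Demo() (DemoResult, error) {
	var r DemoResult
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return r, err
	}
	lic := License{AppID: "com.example.soulcraft", Type: "Trial"} // constructed sample
	plain, err := xml.Marshal(lic)
	if err != nil {
		return r, err
	}
	if r.WeakTrial, err = weakIsFull(plain); err != nil {
		return r, err
	}
	// The unsigned file is believed after the edit: the pirated "Full" version.
	if r.WeakTampered, err = weakIsFull(flipTrialToFull(plain)); err != nil {
		return r, err
	}
	signed, err := issue(priv, lic)
	if err != nil {
		return r, err
	}
	if r.SignedTrial, err = verifiedIsFull(pub, signed); err != nil {
		return r, err
	}
	// The same edit on the signed file no longer verifies.
	var verr error
	r.SignedTampered, verr = verifiedIsFull(pub, flipTrialToFull(signed))
	r.TamperedRejected = verr != nil
	return r, nil
}
```

Demo() returns WeakTampered true and TamperedRejected true: the plain file is fooled by a text substitution, the signed one is not. The caveat raised further down this thread still applies: the public key and the call to verifiedIsFull both live in the client binary, so a signature only raises the bar from editing an XML file to patching the executable or attaching a debugger. That is why the store-side design matters: the signature proves the store issued the record, but an entitlement the client can hand itself (credits, a full-version flag) is only safe when the server keeps the authoritative copy.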
Re: (Score:2)
SecureBoot with a fully trusted chain makes it impossible ... right up until an exploit is found in the chain.
Secureboot is only really about preventing unsigned code from loading before the operating system. It never was intended to do anything to stop anything at the application level.
I did this when I was 15' and it was harder then as programmers weren't so lazy to store things in easily editable unsigned XML files since MOST people using computers had a bit of a clue.
Depends on the problem at hand. Back in say even the 90's there was lot less knowledge of how to write secure code and how to hack it, so it wasn't that hard to hack things. Now there's a lot more stuff, and programs are significantly more complex, on average, even supposedly simple things require significant OS libraries, and e
Re:I detect spin... (Score:5, Funny)
Its nothing that hasn't been done for as long as I've used computers.
Come on BitZtream, we've been over this many times before. This is " on a mobile device ", so it's never been done before. Get with the times, man.
Re: (Score:3)
There are several different hacks for the xbox 360, the most popular of which is the "jtag hack"... People wanting to copy games emulate the DVD however, because it's harder to detect, and thus less likely to get banned from xbox live.
I detect a fired employee (Score:2)
Re:I detect a fired employee (Score:5, Interesting)
Well he works for Nokia, so chances are he would have been out of a job soon anyway.
On the other hand, piracy has usually been good for the underlying platform, perhaps MS/Nokia are doing this as a way to encourage piracy and thus attract more users to the platform.
Given how easy the hack was, perhaps this was their intention all along, only their platform proved so unpopular that no one ever bothered trying.
No, you detect a WARNING (Score:5, Insightful)
A lot of people have had issues with MS going the walled garden route, but the true reason to fear it is a bit more complex.
Up until quite recently, MS didn't really care about piracy of its own products and not at all about piracy of 3rd party products. After all, illegal copies helped MS software spread to the home, so people got used to it and demanded it in the office where they didn't need retraining. Then MS just made its money from office installs and everyone was happy. It worked VERY well for MS.
MS cared even less for what happened to 3rd party applications, after all, the more usable a Dos/Windows install was, the more it would become the dominant force. Adobe itself also doesn't really care about amateurs/students using illegal copies of Photoshop, just as long as you become a paying customer once you make money with it, they do fine.
But with a paid walled garden, MS has a stake in 3rd party sales. Piracy hurts its bottom line. The only way to stop this is Trusted Computing. Before the paid walled garden, MS had no real need of its own for Trusted Computing. Now it does. So it will push for it even harder.
It is the same reason why MS going into hardware is a bad thing. Before, MS had no reason to fear people installing Linux on a Dell. But installing Linux on a subsidized MS piece of hardware? NO!
Consider this: a pure data ISP doesn't care what goes over its lines, hence why Skype on the PC was never an issue. But an ISP that sells other services, like voice calls for a fee, DOES care. See the ban on Skype by many mobile providers.
And an ISP that sells music/movies has itself an interest in stopping people from getting them elsewhere.
Sony is a prime example of how such conflicting interests can even hurt the company itself. Sony crippled the otherwise quite decent Mini-disc because it feared piracy more than lost hardware sales.
My worry about Windows 8 app store isn't in how it performs but in that it is turning what was a remarkably open system into a closed one. With no benefit to me.
Was Sony's hand forced? (Score:3)
Sony is a prime example of how such conflicting interests can even hurt the company itself. Sony crippled the otherwise quite decent Mini-disc because it feared piracy more than lost hardware sales.
Are you sure Sony's hand wasn't forced by the other major record labels and their demands for the Serial Copy Management System?
Re: (Score:2)
Sorry, Nokia managed that very well on their own...
Re: (Score:3)
Nokia would have had better luck sticking with meego/maemo, and the small, but stable, and rabidly loyal fanbois that were willing to shell out over $600 for a new unbranded phone, just for meego/maemo.
Windows 8 does not garner that level of excitement, or consumer enthusiasm.
Re:Exemplary abstraction (Score:4)
But it's XML. The framework doesn't let anybody do that! Why would anyone mess around with a text editor, or grep for strings like "trial"? You don't need a filesystem, you just need <QUANTITY="MOAR">XML</QUANTITY>. Separate your data from the presentation and the application, and let some other level of abstraction deal with everything else.
"The more they overthink the plumbing, the easier it is to stop up the drain."
- Commander Montgomery Scott (Ret.)
Re: (Score:2)
You don't have to do any such thing. It's easier if you use a tool built for the purpose, but you can use Notepad or fucking edlin if you want to.
Re: (Score:2)
Scarily, even Fedora doesn't have vi installed by default these days. One has to install it using the package manager.
Re: (Score:2)
What on earth would the point of that be?
Ultima was solitaire.
How bad does it have to get to feel like you need to cheat at solitaire?
Re: (Score:2)
I modified Ultima 3 so that I could control the ship's fireball and follow/"fly" behind it.
Modified Wings of Fury (Apple IIGS/IIe) so that I could change the projectiles I fire to different types on demand even in flight! e.g. press a key and flying rockets turn to torpedoes or bombs.
All this hack shows is that Windows 8 is not very locked down - just like previous versions of Windows. Whose responsibility is it for securing such stuff? Microsoft or the
Curiosity? (Score:3)
Experimentation, maybe? Trying out stuff, see what happens when you push the limits?
Re: (Score:2)
Then the production houses are tooled up, renting the software per seat/core.
The end user walks around staring at the MS logo as they smile over the 'deal' they got.
The boss gets addicted to seeing and making changes on the go.
Slowly the system gets bloated, more expensive and more closed.
Re: (Score:2)
And soon all systems will have a DRM chip, and Linux / other non-app-store as well as adult stuff will be locked out.
Secured boot loaders didn't work that well on Android.
The more prolific a restrictive device/process, the faster it will be cracked. The locked bootloaders were only on a small number of Motorola Android phones and they were cracked in short order. iOS gets cracked mere days after its release and most video game DRM systems are cracked prior to release day.