Windows Phone 7 Marketplace Hack Demonstrated

← Back to Stories (view on slashdot.org)

Windows Phone 7 Marketplace Hack Demonstrated

Posted by Soulskill on Friday December 31, 2010 @07:24AM from the matter-of-time dept.

broggyr writes "Seems it didn't take long to hack the Windows Phone 7 marketplace. Quoting WPCentral: 'For developers, the weakness in Microsoft's DRM for Windows Phone 7 applications has been well known for quite some time, and there have been calls for Microsoft to address these concerns ... Since then, a "white hat" developer has provided WPCentral with a proof-of-concept program that can successfully pull any application from the Marketplace, remove the security and deploy to an unlocked Windows Phone with literally a push of a button. Alternatively, you could just save the cracked XAP file to your hard drive. Neither the app nor the methodology is public, and it will NOT be released ... It is important to note that this was all done within six hours by one developer.'"

9 of 89 comments (clear)

Min score:

Reason:

Sort:

A question of cash... by Frosty+Piss · 2010-12-31 07:30 · Score: 3

Neither the app nor the methodology is public, and it will NOT be released

Until / unless sufficient cash has been offered to the developer...

--
If you want news from today, you have to come back tomorrow.
1. Re:A question of cash... by v1 · 2010-12-31 07:48 · Score: 2
  
  if one dev could do all that in half a day, it'll take less skilled hackers a few days to develop the same thing, with them now knowing that it's not only possible, but easy to do.
  I give it less than a week before we see a kit or three floating around on the various torrent sites.
  
  --
  I work for the Department of Redundancy Department.
2. Re:A question of cash... by AliasMarlowe · 2010-12-31 08:00 · Score: 2
  
  Neither the app nor the methodology is public, and it will NOT be released
  Until / unless sufficient cash has been offered to the developer...
  Apparently, this weakness was pointed out months ago (according to comments in TFA). The black hats probably all have it if they want it, so the associated monetary value for such an exploit is probably low and falling.
  
  --
  Those who can make you believe absurdities can make you commit atrocities. - Voltaire
3. Re:A question of cash... by ColdWetDog · 2010-12-31 08:09 · Score: 3, Informative
  
  You should know better that to use such a weak command on good 'ol MK. Try this:
  
  "Oh uncool bush! Unloose this passle
  Of furry cats that you hassle!
  Tho' by speed my brain's destroyed,
  I'm not half this paranoid!
  So cease this bummer, down the freak-out,
  Let caps and joints cause brains to leak out!
  These cats are groovy here among us,
  So leave 'em be, you up-tight fungus!"
  
  Either that or just call his mom and tell him to come upstairs for a while.
  
  --
  Faster! Faster! Faster would be better!
4. Re:A question of cash... by fuzzyfuzzyfungus · 2010-12-31 09:43 · Score: 3, Insightful
  
  For piracy-related weaknesses, I suspect that the monetary value will never be all that high.
  
  To go by the PC experience, there are basically two motives behind cracking DRM on programs: You have the warez scene guys, who do it for the interest and the bragging rights, and tend to produce working(but in no way intended to look uncracked, particularly in areas like the installer, which will often be coated in the livery and distinctive symbols of the group that cracked it) releases that quickly get torrented around and make nobody any money worth noting. Second, you have the more professional set who(sometimes independently, sometimes piggibacking on the efforts of the first group) produce functioning cracked versions, intended to look as legitimate as possible(no flaming skull ascii art in the documentation...), mostly of expensive professional programs, for sale to the unsuspecting or unsophisticated as suspiciously cheap, but hardly free, "OEM" software.
  
  Unless Windows Phone substantially differs from the iPhone or Android, and actually features a lot of available expensive pro stuff, the second group will be largely unmotivated(also, since MS controls the official market, it will be very difficult to fool n00bs into thinking that your cracked copy is a "real" version, even if sideloading is trivial). The first group might spring up, if the Windows Phone market becomes large enough to provide a pool of interested hackers; but(perversely) the sheer ease of cracking, at the present time, will likely bore them. Somebody will probably release a sideloader utility, at some point; but an active warez scene like that of the PC seems less likely, and an active "fake legitimate" scene seems less likely still.
Rude, just rude by Rik+Sweeney · 2010-12-31 07:31 · Score: 4, Funny

Neither the app nor the methodology is public, and it will NOT be released
Kind of selfish, why should the only other owner of a Windows Phone 7 have to pay for their apps?

--
Summation 2
1. Re:Rude, just rude by thetoadwarrior · 2010-12-31 08:38 · Score: 2
  
  Not every does point and click Visual Studio programming.
incorrect info by phantomfive · 2010-12-31 08:11 · Score: 3, Informative

It's not that hard. There are several ways to do it (as are documented here). It's not even a real crack, you need to have a developer account to even side-load the apps on the phone (you can use the chevron cert also, but if you do that, you need to be careful otherwise all the apps will be erased when you update). In that case you can only upload 10 apps max at a time.

This is the second slashdot article talking about a WP7 hack that wasn't really a hack. People are having trouble jailbreaking the thing, so we keep seeing articles about meaningless hacks as everyone wants to know when it is really jailbroken.

--
Qxe4
Re:Biggest mobile disasters of 2010 by commodore64_love · 2010-12-31 10:09 · Score: 2

Yes TEXTING does cost practically nothing. "When phones are on and waiting for a phone call or any type of data retrieval, they are ALWAYS connected to the cell phone tower. The phones and cell phone towers exchange little packets worth of information back and forth so when ever a call comes it, they can find you straight away. Can anyone guess how big the packets are that are sent between cell and tower? If you guess 160 characters, you are right." In other words they are charging for a service that should be free, because the phone and tower are *already sending* Texts to one another. It costs nothing for the company to append that extra 160 character Text to the outgoing packet.
"When you think of it on a kilobyte level it costs us $1.09 per text message Kilobyte. The markup for costs is 7300%." So using your example of 2000 messages/month, that's just 320,000 characters or 0.00032 gigabytes. It shouldn't cost 25 dollars (what Virgin now charges for unlimited texting). Continued here: http://www.spoiledtechie.com/post/The-Actual-Cost-of-Texting2c-Short-Codes-and-a-731425-Mark-up.aspx and here: http://www.google.com/search?q=cost+of+texting
To summarize: Phones are "texting" towers constantly as part of the cellular standard.
The appending of a personal message costs nothing extra for the company.
The rates are outrageously high for the minuscule data passed.

--
"I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall