Nokia Engineer Shows How To Pirate Windows 8 Metro Apps, Bypass In-app Purchases
MrSeb writes "The principal engineer for Nokia's WP7 and WP8 devices, Justin Angel, has demonstrated, in rather frank detail, how to pirate Windows 8 Metro apps, how to bypass in-app purchases, and how to remove in-game ads. These hacks aren't exactly easy, but more worryingly they're not exactly hard either. Angel shows that turning a trial version of a Metro app into the full version — i.e. pirating an app — is scarily simple. It's just a matter of downloading an open-source app and changing an XML attribute from 'Trial' to 'Full.' Likewise, a quick change to a XAML file can remove an app's ads. Bypassing in-app purchases is a little trickier, involving some reverse engineering of some DLLs and decryption of database files, but Angel still makes it look fairly easy. Angel gives himself one million credits in Soulcraft, an RPG game — something that would cost you over a thousand dollars, if you performed a legitimate in-app purchase. Angel also demonstrates a way to bypass in-app purchases in WinJS (Metro/JavaScript) apps, by injecting scripts into IE10 (the rendering engine for WinJS apps). It's easy to blame Microsoft for this, but isn't this really an issue that is intrinsic to all installed applications? The fact is, Windows 8 Metro apps are stored on your hard drive — and this means that you have access to the code and data. Hex editors, save game editors, bypassing Adobe's 30-day trials by replacing DLL files, pirating Windows 8 apps — these are all just different incarnations of the same attack vectors."
Apple and Android platforms also suffer from hacking - their piracy rates are at 60% by some:
http://www.theverge.com/2012/8/7/3225154/dead-trigger-dev-interview-piracy-android-ios
This does not make Windows 8 any worse than the competition. In fact, it looks somewhat better from this article because the hacks are lengthier, at least for the present.
Sent from my ENIAC
There's no attack here. Somebody's modifying software on his own machine for his own use.
And this guy's goal is to... get fired?
But instead they'll be on the phone with Nokia trying to get this guy fired.
Nokia is more or less owned by Microsoft so...
thegodmovie.com - watch it
Bruce Schneier just facepalmed. How many times do you people need to be told client side security doesn't work? Of course the Windows 8 store got hacked: No matter how much you try to lock it down, all you're doing is just giving some bored teenagers and underemployed/unemployed programmers something to challenge them. The Playstation 3 had some very advanced client-side security. It still got broken. It took them a while, but it fell, as all client side security must. If you have physical access to the hardware, you own it. It may take a mod chip, it may take a special program, or technical knowledge, but the problem is one that although the skillset required to hack it may be highly specialized, once that single success happens, everybody reaps the benefits within hours to months. And there are far more bored engineers than there are DRM proponents. All client-side DRM has ever accomplished is frustrating and annoying paying customers.
This isn't news. This isn't even interesting. Hell, let's be honest here -- how many of you work at a company that has plans to migrate to Windows 8? Support it for people who have it at home? How many of you are planning on making it your primary operating system?
I see very few hands. This operating system exploded on the launch pad. It's an attempt to emulate Apple, and they botched it so hard that senior Microsoft executives will be getting handed pink slips by the end of next year -- I'd wager serious money on that. Microsoft lost its ability to innovate a while ago... now it just follows where the market goes, maintaining a profit margin but never pushing the margins of the technology. The reasons for this are many and beyond the scope of this post...
But don't act surprised when someone cracks a client-side security scheme. No implementation of it has denied a determined attacker with the resources of a private individual or (at worst) a small company to date. It has a fundamental design flaw that cannot be corrected.
#fuckbeta #iamslashdot #dicemustdie
Naturally Microsoft will have him arrested, right? Right? I mean, if it were some random hacker they would, right? 15 years in the Grey Bar Hotel?
If you want news from today, you have to come back tomorrow.
I really hope Nokia realized that when they sold their soul to MS they don't get to say what they want anymore. They are tied to a much stronger company, who literally controls their only chance at having any relevance in smartphones. When they had options, and in-house OS production they might have been able to say what they wanted, and risk souring one of many relationships. Now it's all the eggs in one place, with a company not known for treating even perfect partners with an ounce of respect.
I wonder if this guy hates his job/Nokia/Microsoft. I mean, if he loves his company, he should have contacted Microsoft, gotten it fixed, and then perhaps gotten some street cred by publishing some news report.
I am not sure if this kind of activity would sour the relationship between Microsoft and Nokia. Perhaps that's actually his goal.
It should have read ex-Nokia engineer.
Anyone remember Ultima? I used to hex edit my stats and inventory to get items all the time.
How else would they increase their user base?
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
From the summary: It's just a matter of downloading an open-source app and changing an XML attribute from 'Trial' to 'Full.'
Er, what? Come again? I don't even know what to say, my mind has already been blown across the room. This is like Sony including the PS3 master key in a ROM chip in every console they've shipped. The mind, it boggles.
News at 11.
isn't this really an issue that is intrinsic to all installed applications?
Yes, even assembly can still be considered source code. That's why a lot of software is moving to a client-server architecture, especially commonly-pirated items like games.
Roll Windows 8 back to Windows 7?
If you could reason with religious people, there would be no religious people
But it's XML. The framework doesn't let anybody do that! Why would anyone mess around with a text editor, or grep for strings like "trial"? You don't need a filesystem, you just need <QUANTITY="MOAR">XML</QUANTITY>. Separate your data from the presentation and the application, and let some other level of abstraction deal with everything else.
"The more they overthink the plumbing, the easier it is to stop up the drain."
- Commander Montgomery Scott (Ret.)
This is not a failing of the ecosystem, but of the propensity of app developers to trust client side data. The client is a dirty evil little thing, and under no circumstances would it be a good idea to grant it access to precious server side resources (such as in game purchases) without validating the request against private data (e.g. an auth token).
Fanboy Status: Apache Flex, C#, Eclipse, KDE, Pirate Party, Ron Paul, Slackware, Windows 7
"They'll get addicted, and then we'll collect" - Bill Gates
Well, Nokia collects anyway unless people pirate the phones too.
what about porting app store apps to 7?
In most third world countries you can buy a 1 TB hard disk filled with cracked versions of all kinds of software. Price is cheaper for the Bring Your Own Harddisk deals. Everything from Maya, Adobe Illustrator, video editors all the way to strange things like Serenade 7.0 circuit simulator from Compact Software or Star-CCM++ mesher, whatever the hell that is. CAD/CAM tools blah blah blah... everything. So not surprised by the fact someone cracked it. What surprised me was that it is as simple as reading the file in, and changing an XML attribute of an entity with off-the-shelf tools, not something complicated like the black-orifice cracker/debugger. Reminds me of the early days in Web commerce where a site was submitting the price and quantity in an open form. People could just modify the html page and submit orders with spurious (and low) price.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
The maker of Real Player, real.com, used to offer a plethora of games for trial and purchase. The problem was when the trial game was opened while the installation folder was also open, a full version with a hidden attribute would appear right next to it. Simply copy the full version to another folder, end the trial and paste the full version back in.
These schemes, DRM, and trusted computing in general suffer from an assumption that consumers are stupid.
and soon all systems will have a DRM chip and linux / other non app store as well a adult stuff will be locked out.
If you actually read his blog then it might become rather obvious that this comes off as more of an academic exercise rather than "oh my god look how bad windows 8 is!". But Microsoft should be happy about this, now they have proof to point to that the reason applications in Windows 8 aren't selling so hot is not because the operating system is starting out as unpopular but because everyone knows how easy it is to pirate their apps! Don't forget he used free open source software too! har
Good leaders run toward problems, bad leaders hide from them.
Of course assembly is source code. I take it you meant the binaries instead. :)
The terminology doesn't help much though since a "disassembler" actually produces readable assembly from the binaries
and soon all systems will have a DRM chip and linux / other non app store as well a adult stuff will be locked out.
Secured boot loaders didn't work that well on Android.
The more prolific a restrictive device/process, the faster it will be cracked. The locked bootloaders were only on a small number of Motorola Android phones and they were cracked in short order. iOS gets cracked mere days after its release and most video game DRM systems are cracked prior to release day.
Calling someone a "hater" only means you can not rationally rebut their argument.
n/t
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Attention Slashdot,
On behalf of the DoJ (*) and the FBI (**), I must inform you that your link to instructions on changing an XML file is in violation of any number of laws, judicial opinions, and fantasies of various American politicians. Cease! Desist! Guantanamo remains open.
(*) Dumb oily jerks
(**) Folks bu****it inspired (***)
(***) Yeah, you can do better.
I'm not worried. Why would I want ads in my applications? These web 2.0 idiots need to stop trying to take control of my computer away from me.
There's no attack here. Somebody's modifying software on his own machine for his own use
Without paying for it.
Some would call it a hack, others simply theft.
The geek earns his bad press. That is how he loses control over the meaning of words like hack and hacking.
I prefer to use the term "Freedom Vectors" rather than "Attack Vectors". It's more honest to what you're actually doing.
If the only way you can accept an assertion is by faith, then you are conceding that it can't be taken on its own merits
Tomorrow.
You are being MICROattacked, from various angles, in a SOFT manner.
I am surprised that unlocking trials is as easy as it is, but software developers have always had their own way of securing trials. There's no reason why software developers can't continue using better trialware.
means nothing to the Obama generation.
You know, the button that says you won't leech off the people that create things.
They don't believe in commandments like thou shalt not STEAL.
Pretty much a bunch of assclowns.
Now leave your own wifi open, or run root on your own device.
Hey there are limits to freedom now, aren't there?
FSKING SLASHDOT USERS ARE ENABLERS AND FRAUDS.
What? People use Windows 8?
I just wonder if this has more to do with following step-by-step instructions to prove you can or if it's actually worth doing it to save $1. I guess this would be very similar to getting a Redbox DVD for $1, watching it, and then never returning it, but not being charged more than the $1...if this isn't considered theft then I guess I don't understand what constitutes theft...maybe it's the magnitude of the theft that really matters. Shoplifting vs. taking money from a register...maybe the former is ok if it's a pack of gum with the latter being a felony since it's like $50?
No, it's not theft since they allowed me to download the application and use it, and those ads are annoying so I have the right to not view them. As for the gum vs. the $50 that's just ludicrous...it's only a felony if you get caught.
And freedom fries, ay,you silly fool !! Bring in Wal*Mart and all will be better !! Ay !!
Experimentation, maybe? Trying out stuff, see what happens when you push the limits?
"Science can amuse and fascinate us all, but it is engineering that changes the world. " - Asimov.
Press2ToContinue (2424598) = Shill/troll account
Anonymous Coward = Anonymous Coward
Sent from my ENIAC
If he asked for a trial and was given a fully functional version configured to act like a trial, there’s nothing wrong in reconfiguring it.
I predict that the man is a future former Nokia engineer.
JAM
...Win8 apps, is that you still wind up with Windows 8 apps.
I have to speculate on the motivation behind this how-to guide. Microsoft has known for a long time that piracy fuels market share. Bill Gates said so publicly in 1998, and every time Ballmer hops up and down about turning the copyright protection knob to 11, saner minds prevail and he shuts up.
This hasn't been released without behind-the-scenes official blessing and encouragement from Microsoft.
--
BMO
He used to work at Microsoft until he got pushed out. Then he got hired at Nokia, but likely got bitter after Nokia found what the Microsoft people thought of him and he is no longer put on the good projects.
I know a few people that worked with him in his past and current job, and have yet to find someone who enjoyed working with him.
Finally, to most serious Microsoft XAML developers, what he talks about is already very well known and people have been doing it for ages. This is not even as 'hard-core' as Jungle Creature's Decompiler.Net from .NET 1.1 days.
So quit saying wp7 / wp8 is "broken". Windows 8 is NOT windows PHONE 8.
If you write a windows phone app, it can't modify other app's data or storage.
If you use tools to upload or download files (like a database) from the device directly, you still can't touch stuff outside of the folder of your app.
then technically it's not theft.
The only client-side DRM that never got cracked was on Tapwave Zodiac, and the reason for THAT is that the platform flopped.
Anyway, it's good that he didn't demonstrate these things in Finland, as it's illegal to talk about cracking here. Thanks, lobbyists.
Nokia loyalist taking revenge against Microsoft for destroying his company by showing how to pirate on the platform and thus reducing developer support eventually killing it?
...but I couldn't find a single Metro-app or game worth the effort!
Why didn't the developers obfuscate their sensitive Javascript code? Who leaves var IS_PAID_FULL_VERSION in the release of their JS code? Or am I missing something? As far as I know, it's not a compiled language into either machine language or byte code. It's pure script. What JS developer would be this stupid?
The G
The harder it is to 'pirate' or share interesting things with friends, as we are social beings, the faster we find something else that we can share with our friends. There is a reason why most people prefer listening to the radio rather than buying music, or playing games on Facebook rather than on consoles. It is easier to share music with friends when it comes freely from radio and it is easier to compete with friends when it is easily accessible on Facebook. Consoles and bought music seem so lonely when they are so hard to share (experience) with friends. Long ago when I was young it was easy to share bought music or bought games or movies with friends: you just made a copy for them and they made copies for you. Today it is almost impossible to get that social experience with bought games, music or movies.
Whether you agree to an EULA or not has nothing to do with the legal definition of "theft". It all depends your jurisdiction's definition (and interpretation).
If I walk into a grocery store and take a loaf of bread without paying, I can't claim that it wasn't theft because I never agreed to the grocery store's policies.
"have the right to not view them"? What? You are clearly insane. You're not entitled to do ANYTHING at all. :) Everything you do in life - everything - is because you've been enabled by other people do so. You're not entitled to take a shit in your own house without the fact that an entire infrastructure has been built around providing you with the ability to do so, and it's an infrastructure you pay for. Or, if you're a freeloader who doesn't contribute, then you're even less entitled than those who do. The fact you're breathing is because a whole bunch of other people have put a government and law enforcement system in place that allows you to live out your life in relative freedom and safety.
:) And as much as anyone can give you permission, they can take permission away. You. have. no. rights.
;) I've just been around longer, and experienced more than you. I've lived in places where people get shot for "fun" by child gangs. Rather than ranting, I really need to just post a "First World Problems" meme pic for ignorant idiots like yourself. :)
You entitlement brats are crazy with what you imagine your "rights" are. There are no natural rights. You have as much right to "skip ads" as I have to scoop out your eyeballs. The ONLY difference is that society deems one generally more detrimental to peace than the other, although exceptions are made from time to time.
Every time someone says anything is their "right", they only demonstrate their blissful ignorance of reality. What you think are rights is other people giving you permission to do something.
(And no, I'm not a crazy militia nut.)
PS3 security worked for the vast majority of the PS3's profitability window. For you to claim that "client side security doesn't work" just because you brazenly assert this doesn't make it true. Clearly, it DID work in the case of PS3 and allowed Sony and associated developers to earn far more profit despite the presence of thieving "bored teenagers" that were actively trying to crack it.
Your claim that "windows 8 is an attempt to emulate apple" is also nonsense. Windows 8 may or may not be many things, but " an attempt to emulate apple" it is certainly not
"But don't act surprised when someone cracks a client-side security scheme. No implimentation of it has denied a determined attacker with the resources of a private individual or (at worst) a small company to date. It has a fundamental design flaw that cannot be corrected."
There were HUGE rewards to be had for those who cracked the PS3 and the problem was very seriously considered by quite a few groups for some time without success. But, you know, what is an actual example, now several years old, of effective DRM compared to your wishful thinking?
Hacking != theft.
If you walk into a grocery store, are handed a free sample of a loaf of bread, then somehow alter that sample to magically grow into a full sized loaf of bread, is that theft?
Theft analogies don't apply to software.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
Publishing this seems like a pretty pathetic move to boost Win8 Sales
"Look! You now even can get Apps for free for Win8"
bickerdyke
Remember MS-DOS? It was this upstart operating system which came basically without copy protection for either itself or the software that ran on it; it became quite popular.
Now we have Win8/RT/whatever, which is an upstart operating system in the mobile world which comes basically without copy protection for itself or the software that runs on it...
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
A lot of people have had issues with MS going the walled garden route but the true reason to fear it is a bit more complex.
Up until quite recently, MS didn't really care about piracy of its own products and not at all about piracy of 3rd party products. After all, illegal copies helped MS software spread to the home, so people got used to it and demanded it in the office where they didn't need retraining. Then MS just made its money from office installs and everyone was happy. It worked VERY well for MS.
MS cared even less for what happened to 3rd party applications, after all, the more usable a Dos/Windows install was, the more it would become the dominant force. Adobe itself also doesn't really care about amateurs/students using illegal copies of Photoshop, just as long as you become a paying customer once you make money with it, they do fine.
But with a paid walled garden, MS has a stake in 3rd party sales. Piracy hurts its bottom line. The only way to stop this is Trusted Computing. Before the paid walled garden, MS had no real need of its own for Trusted Computing. Now it does. So it will push for it even harder.
It is the same reason why MS going into hardware is a bad thing. Before, MS had no reason to fear people installing Linux on a Dell. But installing Linux on a subsidized MS piece of hardware? NO!
Consider this: a pure data ISP doesn't care what goes over its lines, hence why Skype on the PC was never an issue. But an ISP that sells other services, like voice calls for a fee, DOES care. See the ban on Skype by many mobile providers.
And an ISP that sells music/movies has itself an interest in stopping people from getting them elsewhere.
Sony is a prime example of how such conflicting interests can even hurt the company itself. Sony crippled the otherwise quite decent Mini-disc because it feared piracy more than lost hardware sales.
My worry about Windows 8 app store isn't in how it performs but in that it is turning what was a remarkably open system into a closed one. With no benefit to me.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Windows 8 doesn't come with a Mahjong game any more, instead it's on the app store but it's still made and supported by Microsoft. I couldn't care less about that. What I do care about is the thing has this unskippable fucking ads that appear at random between levels, and are always promoting some other game called Tap Tiles. It's highly annoying behaviour, made worse because along with it Mahjong has turned into a buggy mess which randomly crashes and wipes out all its local data making stuff like the daily challenges a waste of time.
Nokia would have had better luck sticking with meego/maemo, and the small, but stable, and rabidly loyal fanbois that were willing to shell out over $600 for a new unbranded phone, just for meego/maemo.
Yeah... We'll see how it works with Jolla.
My exception safety is -fno-exceptions.
Prior to this news, I had no interest at all in Windows 8, but now I'm thinking about actually considering trying a pirated version of Windows 8 out on one of my junk test machines for a short time.
Does anyone else find it weird that he released this, especially before a fix is out? That's common courtesy in security. Even more, wouldn't this hurt his company more than Microsoft?
how is changing an attribute in a config file 'pirating'? for that matter if he'd patched a binary instead would that have been pirating?
sag
You wouldn't download a loaf of bread...
Because if you don't own it, why the hell should I buy it?
Just an Angel. What poetic irony!
> It's easy to blame Microsoft for this, but isn't this really an issue that is intrinsic to all installed applications?
No one read John Carmack's "don't let the client control anything" screed several years back, about how gaming systems cannot let the client code *know* or *control* things, because then it could be replaced with something that would cheat on the user's behalf, by looking around corners for bad guys and such?
This is the same exact thing, as far as I can see...
http://www.catb.org/esr/writings/quake-cheats.html
Your analogy isn't nearly insane enough to reflect reality. You're trying to make it sound reasonable, and I think that's dishonest.
You walk into a store and buy a loaf of bread. You know a magic spell that turns a loaf of bread into tastier loaf of bread, which could probably be sold for more. The baker wants you to NOT BE ALLOWED TO BUY the bread, unless you signed a promise to not cast your magic spell.
But the baker forgot to do that; the baker sold the bread to a store, and the store's cashier was either never instructed to refuse bread sales to people who don't sign contracts, or else the cashier blew off or forgot to follow those instructions. Maybe the store told the baker "fuck that, it would result in long lines, so we're not selling your bread on those conditions, take or leave it because we can find plenty of other bakers."
So you were allowed to buy the bread anyway, without having to jump through hoops involving promises to abstain from magic. Then you took it home and cast your magic spell on the bread, ending up with a yummier loaf. And the baker mumbled something about "theft" while everyone looked at him as though he were insane.
Customers think they're buying things, prior to the sale no attempt is ever made by the "seller" that they don't really intend to sell anything (but rather, they wish to solicit a license agreement), a purchase happens which in every way totally indistinguishable from someone buying a loaf of bread three thousand years ago with nary a word mentioned about contracts, the customer leaves the store in apparent possession of the item and takes it home, never the wiser that the seller didn't want to sell.
Then later after the customer has eaten some of the bread, he finds a secret message inside of the loaf, that the baker didn't mean to sell it, please sign this contract and mail it to the baker. Or worse, maybe he doesn't find the message, or he finds it but doesn't bother to read it since it's obviously not bread. And yet, somehow, months later, the baker tries to make a case for the "fact" that no sale ever actually occurred, but that the "customer" was actually a licensee instead, and here's the contract they signed to proo-- oh wait, where's the contract they signed? Well, ok, the baker doesn't have one, and in fact there's no evidence that the two parties ever communicated at all or even did any business of any kind with each other, but no really, there was a contract between these two parties who never met or whose representatives never met or communicated with each other. And claiming there wasn't a contract, is obviously an attempt by the customer to steal the bread that they paid for.
The above absurdity is getting threateningly close to being mainstream-accepted, and has been accepted in some courts. That's how insane we are, and that's what all EULA/"theft" stories are about.
In more recent Reuters news, Reuters, 2012-10-11 "Vringo bets on patent lawsuits to drive revenue growth"
(but, that's for other patents, not the Nokia patents, as it says later: )
A straight disassembly is not "the preferred form of the work for making changes", as the GPL defines source code. For one thing, variable names and other debugging symbols have likely been stripped from the release binary, and if a variable is placed in a register, the variable name might not be present at all even before stripping. To become source code, a disassembly has to be heavily annotated like SMBDis.
Why would I want ads in my applications?
Because otherwise, you'd have to pay for them, and some kinds of application aren't feasible to distribute as free software. I can go into detail if you want.
Sony is a prime example of how such conflicting interests can even hurt the company itself. Sony crippled the otherwise quite decent Mini-disc because it feared piracy more than lost hardware sales.
Are you sure Sony's hand wasn't forced by the other major record labels and their demands for the Serial Copy Management System?
Less physically accessible hardware will have alternatives that are more open and respect the user's wishes.
Between the mid-1980s and the beginning of HDTV popularity in 2007, the most popular set-top computing device was a major video game console. The consoles were locked down to prevent a repeat of the 1983 recession in the North American video game market. What was the alternative to these that displayed on a TV yet respected the user's wishes?
How should an application perform such validation while disconnected from the Internet? If this is impossible, you have just added $600 per year for a mobile broadband subscription to some users' total cost of running the application.
If you just want to offer a trial, don't give us the entire app maybe?
Then how do you recommend to give a subscriber access to the entire app for 30 days and then take it away once the trial or rental period has expired?
They do if you get them right.
You are given a single piece of sample bread that has a coin-operated tag on it saying "Insert $2 to pull the tag and get a full loaf of bread". When you drop in some metal washers and pull the tag to get a free loaf, you're depriving the grocery store not of a full loaf of bread but the $2 that you were expected to pay to get that bread. You're guilty of breaking the contract between seller and buyer, which is defined as theft.
Remember that it was Sony who fought AGAINST the content industry over the home video recorder. It was when Sony bought into the content industry that their attitudes changed.
Philips went the opposite way, they used to own a content branch, when they sold it, they produced DVD copiers (rip to HD), something that the content industry was definitely not happy with.
Of course, the rest of the content industry was happy for Sony to change its attitude but they couldn't force it to. Remember that so far all the DRM has been added voluntarily, not through court orders. That is why you can buy from Sharp (or could) mini-disc portable recorders which allowed digital copies (something Sony only allowed on its industry gear, because that branch of Sony has other interests than the consumer branch).
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.