Slashdot Mirror

← Back to Stories (view on slashdot.org)

Nokia Engineer Shows How To Pirate Windows 8 Metro Apps, Bypass In-app Purchases

Posted by Soulskill on from the internet-never-forgets dept.

MrSeb writes "The principal engineer for Nokia's WP7 and WP8 devices, Justin Angel, has demonstrated, in rather frank detail, how to pirate Windows 8 Metro apps, how to bypass in-app purchases, and how to remove in-game ads. These hacks aren't exactly easy, but more worryingly they're not exactly hard either. Angel shows that turning a trial version of a Metro app into the full version — i.e. pirating an app — is scarily simple. It's just a matter of downloading an open-source app and changing an XML attribute from 'Trial' to 'Full.' Likewise, a quick change to a XAML file can remove an app's ads. Bypassing in-app purchases is a little trickier, involving some reverse engineering of some DLLs and and decryption of database files, but Angel still makes it look fairly easy. Angel gives himself one million credits in Soulcraft, an RPG game — something that would cost you over a thousand dollars, if you performed a legitimate in-app purchase. Angel also demonstrates a way to bypass in-app purchases in WinJS (Metro/JavaScript) apps, by injecting scripts into IE10 (the rendering engine for WinJS apps). It's easy to blame Microsoft for this, but isn't this really an issue that is intrinsic to all installed applications? The fact is, Windows 8 Metro apps are stored on your hard drive — and this means that you have access to the code and data. Hex editors, save game editors, bypassing Adobe's 30-day trials by replacing DLL files, pirating Windows 8 apps — these are all just different incarnations of the same attack vectors."

9 of 268 comments (clear)

  1. I detect spin... by Press2ToContinue · · Score: 1, Interesting

    Apple and Android platforms also suffer from hacking - their piracy rates are at 60% by some:
    http://www.theverge.com/2012/8/7/3225154/dead-trigger-dev-interview-piracy-android-ios
    This does not make Windows 8 any worse than the competition. In fact, it looks somewhat better from this article because the hacks are lengthier, at least for the present.

    --
    Sent from my ENIAC
    1. Re:I detect spin... by History's+Coming+To · · Score: 3, Interesting

      To be honest, I see this as good news. There's no real security threat for the user (assuming any login process is done server side) and means that the software in question is, at least in theory, configurable by the user. The Linux equivalent of this article is "Linux allows your to customise your software with editable config files" - OK, he's having to do it the hard way, but it's a first step, and at least it shows a certain resilience to loss of network connection in principle. This is probably the most positive article on Win8 I've read so far.

      --
      Please consider this account deleted, I just can't be bothered with the spam anymore.
    2. Re:I detect spin... by hairyfeet · · Score: 4, Interesting

      I wouldn't call it spin, I'd just call it another example of how appstores don't do shit to stop piracy and frankly suck.

      The ONLY distribution service where I can truly say "Its worth it" is Steam, because they give me cheaper prices, often with all the games AND all the DLC included in one low price, they give me an excellent chat client built in (in fact I got rid of my regular chat client since everybody I cared to chat with already was on Steam)along with all updates to my games automated, a really nice community that is quite helpful, and excellent customers service even when I would have honestly not been mad if it took awhile, such as during their crazy volume Xmas sale.

      But from what I've seen all these new "appstores" frankly don't give you dick for advantages, and a hell of a lot of downsides. so is it any surprise that some choose to bypass the bullshit? Hell I bought Bioshock II yet played the pirate version for nearly 2 years, simply because I fricking hate GFWL. I honestly don't blame anybody who wants to bypass these appstores as from what I've seen they are all sucky and just not worth the bullshit.

      Oh and I have to point out you're wrong (Someone on the Internet is Wrong! I must swing into action!) because it honestly doesn't matter HOW "long" the hacks are, thanks to the smart cow problem. I mean do you think your average person could hack SecuROM or Starfuck or write their own hacked bootloader like the pirates did with Win 7 and Win 8? Nope but they can read an NFO file "how to" packed along with all the pre-hacked files in a nice .RAR from TPB, that's not hard at all. All it takes is ONE guy to get it right for even your average 13 year old to be able to do this shit, just you watch they'll be pirated game apps with all the call homes removed and a million credits sitting in the character's account, just as many of the pirated PC games would often include a trainer that let you push a button and give your character everything from unlimited bullets to unlimited money.

      at the end of the day you simply have to make the appstore a better value to the consumer than the pirate version but so far from what I've seen most of these corps don't get that. Instead they see it as a great chance for lock in, skimming a percentage of every sale, and for nickeling and diming the user to death. I mean could I not pirate every game I have in Steam? Sure and in fact many of the pirated versions are the Steam version with hacks, but why should I? The games are cheap, the extras are nice, and its as easy as "push button to get game" so i simply see no point and THAT is what these appstores are gonna have to do, make it so using their service is so much nicer than dealing with the pirated version that many won't bother.

      --
      ACs don't waste your time replying, your posts are never seen by me.
  2. Attack vector? by XanC · · Score: 4, Interesting

    There's no attack here. Somebody's modifying software on his own machine for his own use.

  3. Re:Bruce by Arker · · Score: 2, Interesting

    As another poster already aptly pointed out, it's more like a lock inside your house to prevent you from accessing some of the rooms without paying an additional 'unlocking fee.' Anyone who tries that kind of scam shouldnt be surprised if the homeowner avails himself of a less expensive method of unlocking.

    --
    =-=-=-=-=-=-=-=-=-=-=-=-=-=-
    Friends don't let friends enable ecmascript.
  4. Re:Nothing new here.. by mpicker0 · · Score: 4, Interesting

    On the C-64 version of Ultima IV, you could flip the floppy disc upside down and then move your character until the next portion of the map was loaded. It read data directly off the disc with no validation, because the map squares then had all kinds of random items on them, a good number of which were treasure chests. As soon as you got enough gold, you just flipped the disc back over and played normally.

  5. Who do you think you are kidding? by westlake · · Score: 3, Interesting

    There's no attack here. Somebody's modifying software on his own machine for his own use

    Without paying for it.

    Some would call it a hack, others simply theft.

    The geek earns his bad press. That is how he loses control over the meaning of words like hack and hacking.

  6. The problem with pirating.... by bmo · · Score: 4, Interesting

    ...Win8 apps, is that you still wind up with Windows 8 apps.

    I have to speculate on the motivation behind this how-to guide. Microsoft has known for a long time that piracy fuels market share. Bill Gates said publicly so in 1998, and every time Ballmer hops up and down about turning the copyright protection knob to 11, saner minds prevail and he shuts up.

    This hasn't been released without behind-the-scenes official blessing and encouragement from Microsoft.

    --
    BMO

  7. Re:I detect a fired employee by Bert64 · · Score: 4, Interesting

    Well he works for Nokia, so chances are he would have been out of a job soon anyway.

    On the other hand, piracy has usually been good for the underlying platform, perhaps MS/Nokia are doing this as a way to encourage piracy and thus attract more users to the platform.

    Given how easy the hack was, perhaps this was their intention all along only their platform proved so unpopular that noone ever bothered trying.

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!