Nokia Engineer Shows How To Pirate Windows 8 Metro Apps, Bypass In-app Purchases
MrSeb writes "The principal engineer for Nokia's WP7 and WP8 devices, Justin Angel, has demonstrated, in rather frank detail, how to pirate Windows 8 Metro apps, how to bypass in-app purchases, and how to remove in-game ads. These hacks aren't exactly easy, but more worryingly they're not exactly hard either. Angel shows that turning a trial version of a Metro app into the full version — i.e. pirating an app — is scarily simple. It's just a matter of downloading an open-source app and changing an XML attribute from 'Trial' to 'Full.' Likewise, a quick change to a XAML file can remove an app's ads. Bypassing in-app purchases is a little trickier, involving some reverse engineering of some DLLs and decryption of database files, but Angel still makes it look fairly easy. Angel gives himself one million credits in Soulcraft, an RPG game — something that would cost you over a thousand dollars, if you performed a legitimate in-app purchase. Angel also demonstrates a way to bypass in-app purchases in WinJS (Metro/JavaScript) apps, by injecting scripts into IE10 (the rendering engine for WinJS apps). It's easy to blame Microsoft for this, but isn't this really an issue that is intrinsic to all installed applications? The fact is, Windows 8 Metro apps are stored on your hard drive — and this means that you have access to the code and data. Hex editors, save game editors, bypassing Adobe's 30-day trials by replacing DLL files, pirating Windows 8 apps — these are all just different incarnations of the same attack vectors."
There's no attack here. Somebody's modifying software on his own machine for his own use.
SPIN? Of course you can do these on other platforms! Article is clearly an M$ shill.
It's nothing that hasn't been done for as long as I've used computers.
Yes, you can change code and work around everything.
SecureBoot with a fully trusted chain makes it impossible ... right up until an exploit is found in the chain.
Cracking isn't new, and this isn't particularly impressive. Not that credit isn't due for pointing it out, the guy is the 'First Post' so to speak, but other than that, it's just 'meh, I did this when I was 15' and it was harder then as programmers weren't so lazy as to store things in easily editable unsigned XML files since MOST people using computers had a bit of a clue.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
Bruce Schneier just facepalmed. How many times do you people need to be told client side security doesn't work? Of course the Windows 8 store got hacked: No matter how much you try to lock it down, all you're doing is just giving some bored teenagers and underemployed/unemployed programmers something to challenge them. The Playstation 3 had some very advanced client-side security. It still got broken. It took them awhile, but it fell, as all client side security must. If you have physical access to the hardware, you own it. It may take a mod chip, it may take a special program, or technical knowledge, but the problem is one that although the skillset required to hack it may be highly specialized, once that single success happens, everybody reaps the benefits within hours to months. And there are far more bored engineers than there are DRM proponents. All client-side DRM has ever accomplished is frustrating and annoying paying customers.
This isn't news. This isn't even interesting. Hell, let's be honest here -- how many of you work at a company that has plans to migrate to Windows 8? Support it for people who have it at home? How many of you are planning on making it your primary operating system?
I see very few hands. This operating system exploded on the launch pad. It's an attempt to emulate Apple, and they botched it so hard that senior Microsoft executives will be getting handed pink slips by the end of next year -- I'd wager serious money on that. Microsoft lost its ability to innovate awhile ago... now it just follows where the market goes, maintaining a profit margin but never pushing the margins of the technology. The reasons for this are many and beyond the scope of this post...
But don't act surprised when someone cracks a client-side security scheme. No implementation of it has denied a determined attacker with the resources of a private individual or (at worst) a small company to date. It has a fundamental design flaw that cannot be corrected.
#fuckbeta #iamslashdot #dicemustdie
I did this when I was 15'...
Damn! How tall are you now?
“He’s not deformed, he’s just drunk!”
I really hope Nokia realized that when they sold their soul to MS they don't get to say what they want anymore. They are tied to a much stronger company, who literally controls their only chance at having any relevance in smartphones. When they had options, and in-house OS production they might have been able to say what they wanted, and risk souring one of many relationships. Now it's all the eggs in one place, with a company not known for treating even perfect partners with an ounce of respect.
I wonder if this guy hates his job/Nokia/Microsoft. I mean, if he loves his company, he should have contacted Microsoft and got it fixed, then perhaps got some street cred by publishing some news report.
I am not sure if this kind of activity would sour the relationship between Microsoft and Nokia. Perhaps that's actually his goal.
To be fair, I don't believe there is a jailbreak for iOS6 or any of the new iDevices. So I imagine that number must have gone down. Of course the general gist of what you say is accurate. If WP8 gains any relevance at all I expect them to be in the same boat Apple and Google are in.
how else would they increase their user base.
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
Roll Windows 8 back to Windows 7?
If you could reason with religious people, there would be no religious people
wow 7:21PM. Here's a clue: when trolling slashdot, wait a few minutes before posting.
But it's XML. The framework doesn't let anybody do that! Why would anyone mess around with a text editor, or grep for strings like "trial"? You don't need a filesystem, you just need <QUANTITY="MOAR">XML</QUANTITY>. Separate your data from the presentation and the application, and let some other level of abstraction deal with everything else.
"The more they overthink the plumbing, the easier it is to stop up the drain."
- Commander Montgomery Scott (Ret.)
Another victim of our failing educational system...
The fact the measurement is still in Imperial units in 2012 indicates it failed a long, long time ago.
Calling someone a "hater" only means you can not rationally rebut their argument.
On the C-64 version of Ultima IV, you could flip the floppy disc upside down and then move your character until the next portion of the map was loaded. It read data directly off the disc with no validation, because the map squares then had all kinds of random items on them, a good number of which were treasure chests. As soon as you got enough gold, you just flipped the disc back over and played normally.
There's no attack here. Somebody's modifying software on his own machine for his own use
Without paying for it.
Some would call it a hack, others simply theft.
The geek earns his bad press. That is how he loses control over the meaning of words like hack and hacking.
Only because the MPG rating allows comparisons with US ratings often published in Canada as well.
Meanwhile, the USA has officially been metric for years but posts speeds in mph.
- Michael T. Babcock (Yes, I blog)
To be honest, I see this as good news. There's no real security threat for the user (assuming any login process is done server side) and it means that the software in question is, at least in theory, configurable by the user. The Linux equivalent of this article is "Linux allows you to customise your software with editable config files" - OK, he's having to do it the hard way, but it's a first step, and at least it shows a certain resilience to loss of network connection in principle. This is probably the most positive article on Win8 I've read so far.
Please consider this account deleted, I just can't be bothered with the spam anymore.
I prefer to use the term "Freedom Vectors" rather than "Attack Vectors". It's more honest to what you're actually doing.
If the only way you can accept an assertion is by faith, then you are conceding that it can't be taken on its own merits
We use *Imperial* gallons in our fuel efficiency ratings. The numbers cannot be compared directly to US gallons, as there are ~4.5 liters per Imperial gallon, and 3.785 liters per US gallon.
"Meanwhile, the USA has officially been metric for years but posts speeds in mph."
You didn't say Imperial was metric, but you kind of implied it, intentionally or not. Which might confuse people. So, to clarify:
"Imperial" units have nothing whatever to do with the metric system, just as the old U.S. SAE system also had little to do with the metric system. Imperial units are a third measurement system, separate from both U.S. and metric.
[oblig]: Handy fact: "miles-per-gallon" (Imperial gallons mind you) is equivalent to "furlongs-per-pint" :)
I'll get my coat ...
If you don't pray in my school, I won't think in your church.
Yes, you can change code and work around everything.
SecureBoot with a fully trusted chain makes it impossible
It could make it impossible, but it does not - Win8 does not encrypt the installed apps, nor does it restrict the user from modifying them (the default account permissions do not allow access, but you can always elevate to admin and override them). No rooting required.
So in this case the curious part is not that it's modifiable, but rather how easy it is. Especially with HTML5/JS apps, where you can literally edit the code in-place (no surprise there).
IIRC, this used to be the case for Android as well, but Google has recently introduced on-device encryption for apps installed from the store, so that it's not that easy, at least.
Encryption isn't required. Digital signatures will do the trick. Sure, modify away. Doesn't mean it'll get loaded as soon as the signature check fails.
Encryption isn't even useful. The decryption keys MUST be there in order for it to be run, so all you're doing is slowing things down for no benefit.
Digital signatures on the other hand, do accomplish the goal without providing the keys required to create new signatures.
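An added illustration of the point above, not code from the original thread and not Microsoft's actual package format: the manifest, the package struct and the Demo function are constructed for the example. It shows that an edited signed manifest fails the loader's check while the verifier holds only the public key, whereas encryption with a key that has to ship inside the package still round-trips an edit.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
)

// Constructed sample manifest; not a real Windows 8 package manifest.
const sampleManifest = `<App Name="DemoGame" License="Trial"/>`

// SignedPackage carries an Ed25519 signature over the manifest. The publisher
// keeps the private key; a loader needs only the public key to check it.
type SignedPackage struct {
	Manifest, Signature []byte
}

func Sign(priv ed25519.PrivateKey, manifest []byte) SignedPackage {
	return SignedPackage{Manifest: manifest, Signature: ed25519.Sign(priv, manifest)}
}

// Verify is the check a loader runs before trusting anything in the manifest.
func Verify(pub ed25519.PublicKey, p SignedPackage) bool {
	return ed25519.Verify(pub, p.Manifest, p.Signature)
}

// editLicense stands in for the on-disk attribute edit the summary describes.
func editLicense(m []byte) []byte {
	return bytes.ReplaceAll(m, []byte(`License="Trial"`), []byte(`License="Full"`))
}

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// gcm builds an AES-GCM sealer from the key that, for an encrypted package,
// has to ship alongside the package so the app can run at all.
func gcm(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	check(err)
	aead, err := cipher.NewGCM(block)
	check(err)
	return aead
}

// Demo reports whether a loader accepts (1) the untouched signed manifest,
// (2) the signed manifest after License="Trial" is edited to "Full", and (3) an
// encrypted manifest after it is decrypted, edited and re-sealed with the
// key that shipped with it. Expected: true, false, true.
func Demo() (validSigned, editedSigned, editedEncrypted bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	check(err)
	signed := Sign(priv, []byte(sampleManifest))
	validSigned = Verify(pub, signed)
	editedSigned = Verify(pub, SignedPackage{Manifest: editLicense(signed.Manifest), Signature: signed.Signature})

	key, nonce, nonce2 := make([]byte, 32), make([]byte, 12), make([]byte, 12)
	for _, buf := range [][]byte{key, nonce, nonce2} {
		_, err = rand.Read(buf)
		check(err)
	}
	sealed := gcm(key).Seal(nil, nonce, []byte(sampleManifest), nil)
	plain, err := gcm(key).Open(nil, nonce, sealed, nil) // the app itself must be able to do this...
	check(err)
	resealed := gcm(key).Seal(nil, nonce2, editLicense(plain), nil) // ...so anyone holding the package can too
	plain2, err := gcm(key).Open(nil, nonce2, resealed, nil)
	check(err)
	editedEncrypted = bytes.Contains(plain2, []byte(`License="Full"`))
	return
}
```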
Without looking, I'd wager what you mean is that Android uses digital signatures now much like iOS, the PS3, Xbox 360 and ... the Linux kernel (3.7) to verify binaries.
Experimentation, maybe? Trying out stuff, see what happens when you push the limits?
"Science can amuse and fascinate us all, but it is engineering that changes the world. " - Asimov.
Anonymous Coward = Anonymous Coward
Sent from my ENIAC
Encryption is useful if you want to prevent reverse engineering, and not just modification. And, of course, with private key encryption, you don't have to provide the keys required to encrypt more binaries.
yeah, after they hired an ex-microsoftie VP, who made nokia an all windows shop, putting all of nokia's smart phone eggs in the windows 8 basket, which has been the most glorious flop in history.
Nokia would have had better luck sticking with meego/maemo, and the small, but stable, and rabidly loyal fanbois that were willing to shell out over $600 for a new unbranded phone, just for meego/maemo.
windows 8 does not garner that level of excitement, or consumer enthusiasm.
...Win8 apps, is that you still wind up with Windows 8 apps.
I have to speculate on the motivation behind this how-to guide. Microsoft has known for a long time that piracy fuels market share. Bill Gates said publicly so in 1998, and every time Ballmer hops up and down about turning the copyright protection knob to 11, saner minds prevail and he shuts up.
This hasn't been released without behind-the-scenes official blessing and encouragement from Microsoft.
--
BMO
It's nothing that hasn't been done for as long as I've used computers.
Come on BitZtream, we've been over this many times before. This is " on a mobile device ", so it's never been done before. Get with the times, man.
--- Keep the choice with the user..
...but I couldn't find a single Metro-app or game worth the effort!
PS3 security worked for the vast majority of the PS3's profitability window. For you to claim that "client side security doesn't work" just because you brazenly assert this doesn't make it true. Clearly, it DID work in the case of PS3 and allowed Sony and associated developers to earn far more profit despite the presence of thieving "bored teenagers" that were actively trying to crack it.
Your claim that "windows 8 is an attempt to emulate apple" is also nonsense. Windows 8 may or may not be many things, but "an attempt to emulate apple" it is certainly not.
"But don't act surprised when someone cracks a client-side security scheme. No implementation of it has denied a determined attacker with the resources of a private individual or (at worst) a small company to date. It has a fundamental design flaw that cannot be corrected."
There were HUGE rewards to be had for those who cracked PS3 and the problem was very seriously considered by quite a few groups for some time without success. But, you know, what is an actual example, now several years old, of effective DRM compared to your wishful thinking?
Hacking != theft.
If you walk into a grocery store, are handed a free sample of a loaf of bread, then somehow alter that sample to magically grow into a full sized loaf of bread, is that theft?
Theft analogies don't apply to software.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
Publishing this seems like a pretty pathetic move to boost Win8 Sales
"Look! You now even can get Apps for free for Win8"
bickerdyke
Remember MS-DOS? It was this upstart operating system which came basically without copy protection for either itself or the software that ran on it; it became quite popular.
Now we have Win8/RT/whatever, which is an upstart operating system in the mobile world which comes basically without copy protection for itself or the software that runs on it...
A lot of people have had issues with MS going the walled garden route but the true reason to fear it a bit more complex.
Up until quite recently, MS didn't really care about piracy of its own products and not at all about piracy of 3rd party products. After all, illegal copies helped MS software spread to the home, so people got used to it and demanded it in the office where they didn't need retraining. Then MS just made its money from office installs and everyone was happy. It worked VERY well for MS.
MS cared even less for what happened to 3rd party applications, after all, the more usable a Dos/Windows install was, the more it would become the dominant force. Adobe itself also doesn't really care about amateurs/students using illegal copies of Photoshop, just as long as you become a paying customer once you make money with it, they do fine.
But with a paid walled garden, MS has a stake in 3rd party sales. Piracy hurts its bottom line. The only way to stop this is Trusted Computing. Before the paid walled garden, MS had no real need of its own for Trusted Computing. Now it does. So it will push for it even harder.
It is the same reason why MS going into hardware is a bad thing. Before, MS had no reason to fear people installing Linux on a Dell. But installing Linux on a subsidized MS piece of hardware? NO!
Consider this, a pure data ISP doesn't care what goes over its lines, hence why Skype on the PC was never an issue. But an ISP that sells other services, like voice calls for a fee, DOES care. See the ban on Skype by many mobile providers.
And an ISP that sells music/movies has itself an interest in stopping people from getting them elsewhere.
Sony is a prime example of how such conflicting interests can even hurt the company itself, Sony crippled the otherwise quite decent Mini-disc because it feared piracy more than lost hardware sales.
My worry about Windows 8 app store isn't in how it performs but in that it is turning what was a remarkably open system into a closed one. With no benefit to me.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
I did this when I was 15'...
Damn! How tall are you now?
That's not his height. He meant to say he was 15 minutes old then.
Windows 8 doesn't come with a Mahjong game any more, instead it's on the app store but it's still made and supported by Microsoft. I couldn't care less about that. What I do care about is the thing has these unskippable fucking ads that appear at random between levels, and are always promoting some other game called Tap Tiles. It's highly annoying behaviour, made worse because along with it Mahjong has turned into a buggy mess which randomly crashes and wipes out all its local data making stuff like the daily challenges a waste of time.
If you're capable of reverse engineering the program itself, then you are also capable of reverse engineering the program that decrypts it so you can extract the keys anyway. Encryption would never be more than a minor nuisance for someone wanting to reverse engineer programs.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
There are several different hacks for the xbox 360, the most popular of which is the "jtag hack"... People wanting to copy games emulate the DVD however because it's harder to detect, and thus less likely to get banned from xbox live.
Well he works for Nokia, so chances are he would have been out of a job soon anyway.
On the other hand, piracy has usually been good for the underlying platform, perhaps MS/Nokia are doing this as a way to encourage piracy and thus attract more users to the platform.
Given how easy the hack was, perhaps this was their intention all along, only their platform proved so unpopular that no one ever bothered trying.
I wouldn't call it spin, I'd just call it another example of how appstores don't do shit to stop piracy and frankly suck.
The ONLY distribution service where I can truly say "It's worth it" is Steam, because they give me cheaper prices, often with all the games AND all the DLC included in one low price, they give me an excellent chat client built in (in fact I got rid of my regular chat client since everybody I cared to chat with already was on Steam) along with all updates to my games automated, a really nice community that is quite helpful, and excellent customer service even when I would have honestly not been mad if it took awhile, such as during their crazy volume Xmas sale.
But from what I've seen all these new "appstores" frankly don't give you dick for advantages, and a hell of a lot of downsides. So is it any surprise that some choose to bypass the bullshit? Hell I bought Bioshock II yet played the pirate version for nearly 2 years, simply because I fricking hate GFWL. I honestly don't blame anybody who wants to bypass these appstores as from what I've seen they are all sucky and just not worth the bullshit.
Oh and I have to point out you're wrong (Someone on the Internet is Wrong! I must swing into action!) because it honestly doesn't matter HOW "long" the hacks are, thanks to the smart cow problem. I mean do you think your average person could hack SecuROM or Starfuck or write their own hacked bootloader like the pirates did with Win 7 and Win 8? Nope but they can read an NFO file "how to" packed along with all the pre-hacked files in a nice .RAR from TPB, that's not hard at all. All it takes is ONE guy to get it right for even your average 13 year old to be able to do this shit, just you watch, there'll be pirated game apps with all the call homes removed and a million credits sitting in the character's account, just as many of the pirated PC games would often include a trainer that let you push a button and give your character everything from unlimited bullets to unlimited money.
At the end of the day you simply have to make the appstore a better value to the consumer than the pirate version but so far from what I've seen most of these corps don't get that. Instead they see it as a great chance for lock in, skimming a percentage of every sale, and for nickeling and diming the user to death. I mean could I not pirate every game I have in Steam? Sure and in fact many of the pirated versions are the Steam version with hacks, but why should I? The games are cheap, the extras are nice, and it's as easy as "push button to get game" so I simply see no point and THAT is what these appstores are gonna have to do, make it so using their service is so much nicer than dealing with the pirated version that many won't bother.
ACs don't waste your time replying, your posts are never seen by me.
We are most decidedly not metric. However, if we could get new speed limits with slightly higher values in km, I'd be willing to bet people would be happy to convert. Add in standard world wide recognized signage, and we'd be off to a great start. (a nice red circle sign instead of a B&W huge square sign that also has many many other uses)
The cesspool just got a check and balance.
> It's easy to blame Microsoft for this, but isn't this really an issue that is intrinsic to all installed applications?
No one read John Carmack's "don't let the client control anything" screed several years back, about how gaming systems cannot let the client code *know* or *control* things, because then it could be replaced with something that would cheat on the user's behalf, by looking around corners for bad guys and such?
This is the same exact thing, as far as I can see...
http://www.catb.org/esr/writings/quake-cheats.html
15 minutes of angle old? That's... an odd way to put it?
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
I'm so sick of this "If you like something u must be a shill ZOMFG!" horseshit, i really fucking am. I mean if someone says they like their iPhone, does that mean they work for Cupertino?
The simple fact is I can think of NO app selling service other than Steam whose whole attitude isn't "fuck u and give me money bitch", can you? GFWL will show you NOTHING but Xbox games, even when you are in Windows using GFWINDOWS LIVE, because some PHB put out a PPT and said "Herps derp, product, herp derp metrics, on message derpa de derp" and the rest feel like being stuck in the 90s with Bonzi Buddy "You want to buy? How about buy? You buy now?"
So excuse the fuck out of me that I have found one service I actually like buying from, as opposed to just pirating everything. If you haven't figured it out yet I'll clue you in, like Win 7, hate Win 8, like Comodo's AV and browsers, don't like AVG, like AMD and Asus/Asrock (although not Bulldozer on AMD) and don't like Intel and MSI. Oh and I like pizza with a nice layer of creamy mashed potatoes on top.
So there you go, you can now tell me how I'm actually a millionaire with product deals with everybody from Redmond to the Idaho farmers group, oh and I fly an invisible jet I stole from Wonder Woman and am not freezing my balls off during a cold snap in the south, I'm secretly blogging from South America next to Elvis who's been here since 79.
Sony is a prime example of how such conflicting interests can even hurt the company itself, Sony crippled the otherwise quite decent Mini-disc because it feared piracy more than lost hardware sales.
Are you sure Sony's hand wasn't forced by the other major record labels and their demands for the Serial Copy Management System?