Wednesday, December 12, 2012

How to pirate Windows 8 Metro apps, bypass in-app purchases, and more

12:33 AM

The principal engineer for Nokia’s WP7 and WP8 devices has demonstrated, in rather frank detail, how to pirate Windows 8 Metro apps, how to bypass in-app purchases, and how to remove in-game ads. These hacks aren’t exactly easy, but more worryingly they’re not exactly hard either.

Image credit : extremetech

On his blog (Google cache), Justin Angel shows that turning a trial version of a Metro app into the full version — i.e. pirating an app — is scarily simple. It’s just a matter of downloading a free, open-source tool, and then using it to change a Metro app’s XML attribute from “Trial” to “Full.” Likewise, a quick change to a XAML file can remove an app’s ads.

Bypassing in-app purchases is a little trickier, involving some reverse engineering of DLLs and decryption of database files, but Angel still makes it look fairly easy. Angel gives himself one million credits in Soulcraft, an RPG game — something that would cost you over a thousand dollars, if you performed a legitimate in-app purchase. Angel also demonstrates a way to bypass in-app purchases in WinJS (Metro/JavaScript) apps, by injecting scripts into IE10 (the rendering engine for WinJS apps).

Ultimately, all of these hacks represent ways of getting stuff for free. This is obviously bad news for developers, who probably don’t realize that by allowing trial downloads they are opening themselves up to piracy. In-app ads and purchases are massive revenue streams for developers, and yet we now see that it’s very easy to circumvent both.

You can protect these files with encryption — and indeed, some of them are — but that’s no good if you have access to the code that performs the encryption. As Angel says, “We have the algorithm used for encryption, we have the hash key and we have the encrypted data. Once we have all of those it’s pretty simple to decrypt anything.” Angel notes that there are some security mechanisms in place that stopped him from directly editing app DLL and JS files, but, as we can see, that didn’t stop him from pirating apps or bypassing in-app purchases.

It’s easy to blame Microsoft for this, but really this is an issue that is intrinsic to all installed applications. The fact is, Windows 8 Metro apps are stored on your hard drive — and this means that you have access to the code and data. In general, every installed application is vulnerable to these kinds of attacks. Hex editors, save game editors, bypassing Adobe’s 30-day trials by replacing DLL files, pirating Windows 8 apps — these are all just different incarnations of the same attack vectors.

The only real solution is to provide some kind of server-side sanity checking: You hack the software from Trial to Full — but when you log in, the server knows that you haven’t bought the software, and so it reverts you back to Trial mode. You give yourself one million credits — but the server checks your purchase history, knows that you cheated, and so resets your credits back to zero. The problem with this route, of course, is that it requires you to be online — and you know how we feel about always-on DRM. Plus, it’s very easy to disable server-side checks with a little Hosts file hacking.
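The server-side check described above can be sketched as follows. This is an added example, not code from the article or from Angel's blog; the ledger schema, user names, and function names are hypothetical. The server keeps its own purchase ledger, treats everything the client reports as untrusted, and returns the authoritative state along with any mismatches.

```python
from dataclasses import dataclass

@dataclass
class Account:
    # Hypothetical server-side record; none of this is stored on the device.
    owns_full_license: bool = False
    credits_purchased: int = 0
    credits_spent: int = 0

# Constructed sample ledger for the example.
LEDGER = {
    "alice": Account(owns_full_license=True, credits_purchased=500, credits_spent=120),
    "mallory": Account(),  # installed the trial, never bought anything
}

def balance(account):
    return account.credits_purchased - account.credits_spent

def reconcile(user_id, client_state):
    """Return (authoritative_state, discrepancies); client_state is untrusted."""
    account = LEDGER.get(user_id, Account())  # unknown users get trial defaults
    truth = {
        "license": "Full" if account.owns_full_license else "Trial",
        "credits": balance(account),
    }
    # Any field where the client disagrees with the ledger is logged and overridden.
    discrepancies = [
        f"{key}: client sent {client_state.get(key)!r}, server has {value!r}"
        for key, value in truth.items()
        if client_state.get(key) != value
    ]
    return truth, discrepancies

def spend(user_id, amount):
    """Spending is decided against the ledger, never the client's counter."""
    account = LEDGER.get(user_id)
    if account is None or amount <= 0 or balance(account) < amount:
        return False
    account.credits_spent += amount
    return True
```

The reconciliation only covers state the server is actually consulted on, which is the online requirement this paragraph goes on to discuss.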

In short, Windows 8 Metro apps have been hacked, and it’s now just a matter of time until some enterprising developer creates a one-button tool that pirates trial apps, unlocks every in-app purchase, and removes in-app ads. There are certainly changes that Microsoft could make to shore up the security of Metro apps, but it would only delay the inevitable. Really, this is just a natural part of Windows 8’s evolution.

Source : extremetech