Windows 8 Apps easily pirated

vbimport

#1

Original url: http://www.extremetech.com/computing/143002-how-to-pirate-windows-8-metro-apps-bypass-in-app-purchases-and-more

The principal engineer for Nokia’s WP7 and WP8 devices has demonstrated, in rather frank detail, how to pirate Windows 8 Metro apps, how to bypass in-app purchases, and how to remove in-game ads. These hacks aren’t exactly easy, but more worryingly they’re not exactly hard either.

On his blog Justin Angel shows that turning a trial version of a Metro app into the full version — i.e. pirating an app — is scarily simple. It’s just a matter of downloading a free, open-source tool, and then using it to change a Metro app’s XML attribute from “Trial” to “Full.” Likewise, a quick change to a XAML file can remove an app’s ads.

Bypassing in-app purchases is a little trickier, involving some reverse engineering of some DLLs and and decryption of database files, but Angel still makes it look fairly easy. Angel gives himself one million credits in Soulcraft, an RPG game — something that would cost you over a thousand dollars, if you performed a legitimate in-app purchase. Angel also demonstrates a way to bypass in-app purchases in WinJS (Metro/JavaScript) apps, by injecting scripts into IE10 (the rendering engine for WinJS apps).

Ultimately, all of these hacks represent ways of getting stuff for free. This is obviously bad news for developers, who probably don’t realize that by allowing trial downloads they are opening themselves up to piracy. In-app ads and purchases are massive revenue streams for developers, and yet we now see that it’s very easy to circumvent both.

You can protect these files with encryption — and indeed, some of them are — but that’s no good if you have access to the code that performs the encryption. As Angel says, “We have the algorithm used for encryption, we have the hash key and we have the encrypted data. Once we have all of those it’s pretty simple to decrypt anything.” Angel notes that there are some security mechanisms in place that stopped him from directly editing app DLL and JS files, but, as we can see, that didn’t stop him from pirating apps or bypassing in-app purchases.

It’s easy to blame Microsoft for this, but really this is an issue that is intrinsic to all installed applications. The fact is, Windows 8 Metro apps are stored on your hard drive — and this means that you have access to the code and data. In general, every installed application is vulnerable to these kinds of attacks. Hex editors, save game editors, bypassing Adobe’s 30-day trials by replacing DLL files, pirating Windows 8 apps — these are all just different incarnations of the same attack vectors.