Windows Phone 7 Marketplace Hack Demonstrated
broggyr writes "Seems it didn't take long to hack the Windows Phone 7 marketplace. Quoting WPCentral: 'For developers, the weakness in Microsoft's DRM for Windows Phone 7 applications has been well known for quite some time, and there have been calls for Microsoft to address these concerns ... Since then, a "white hat" developer has provided WPCentral with a proof-of-concept program that can successfully pull any application from the Marketplace, remove the security and deploy to an unlocked Windows Phone with literally a push of a button. Alternatively, you could just save the cracked XAP file to your hard drive. Neither the app nor the methodology is public, and it will NOT be released ... It is important to note that this was all done within six hours by one developer.'"
A question of cash... (Score:4)
Neither the app nor the methodology is public, and it will NOT be released
Until / unless sufficient cash has been offered to the developer...
Re: (Score:2)
Has anyone really been far even as decided to use even go want to do look more like?
Re: (Score:2)
I shan't be mocked by what little intelligence is left on this dour corner of the web.
Begone!
Re: (Score:1)
You forgot "feeb". At least be consistent.
Re:A question of cash... (Score:4, Informative)
Either that or just call his mom and tell him to come upstairs for a while.
Re: (Score:2)
>>>Has anyone really been far even as decided to use even go want to do look more like?
Oh leally? Well somebody set up us the bomb. We get signal. Main screen tuln on. All youl base are belong to us. What you say !! You have no chance to sulvive make youl time. Ha Ha! Take off every 'ZIG cause you know what you doing fol great justice - move ZIG.
And fulthemore:
ALL BASES OF CATS WERE DESTROYED.
IT SEEMS TO BE PEACEFUL. BUT IT IS INCORRECT.
CATS IS STILL ALIVE. ZIG-01 MUST FIGHT AGAIN.
(game re
Re: (Score:2)
... what.
Sad... (Score:2)
Re: (Score:2)
Someone should alert the local police in Eau Claire, WI that this asshole is impersonating Michael Kristopeit on the internet and trying to get slashdotters to come to poor Michael's house.
Re: (Score:3)
If one dev could do all that in half a day, it'll take less skilled hackers a few days to develop the same thing, with them now knowing that it's not only possible, but easy to do.
I give it less than a week before we see a kit or three floating around on the various torrent sites.
Re: (Score:3)
Neither the app nor the methodology is public, and it will NOT be released
Until / unless sufficient cash has been offered to the developer...
Apparently, this weakness was pointed out months ago (according to comments in TFA). The black hats probably all have it if they want it, so the associated monetary value for such an exploit is probably low and falling.
Re:A question of cash... (Score:4, Insightful)
To go by the PC experience, there are basically two motives behind cracking DRM on programs: You have the warez scene guys, who do it for the interest and the bragging rights, and tend to produce working (but in no way intended to look uncracked, particularly in areas like the installer, which will often be coated in the livery and distinctive symbols of the group that cracked it) releases that quickly get torrented around and make nobody any money worth noting. Second, you have the more professional set who (sometimes independently, sometimes piggybacking on the efforts of the first group) produce functioning cracked versions, intended to look as legitimate as possible (no flaming skull ascii art in the documentation...), mostly of expensive professional programs, for sale to the unsuspecting or unsophisticated as suspiciously cheap, but hardly free, "OEM" software.
Unless Windows Phone substantially differs from the iPhone or Android, and actually features a lot of available expensive pro stuff, the second group will be largely unmotivated (also, since MS controls the official market, it will be very difficult to fool n00bs into thinking that your cracked copy is a "real" version, even if sideloading is trivial). The first group might spring up, if the Windows Phone market becomes large enough to provide a pool of interested hackers; but (perversely) the sheer ease of cracking, at the present time, will likely bore them. Somebody will probably release a sideloader utility, at some point; but an active warez scene like that of the PC seems less likely, and an active "fake legitimate" scene seems less likely still.
Rude, just rude (Score:5, Funny)
Neither the app nor the methodology is public, and it will NOT be released
Kind of selfish, why should the only other owner of a Windows Phone 7 have to pay for their apps?
Re: (Score:2)
Neither the app nor the methodology is public, and it will NOT be released
Kind of selfish, why should the only other owner of a Windows Phone 7 have to pay for their apps?
Okay, I chuckled, but there's an interesting point here:
This is a good opportunity to validate the argument that Windows' popularity is what makes it so prone to attack. Given that Windows Phone 7 is a minor player in the mobile market, it should be exploited significantly less[*] than Android and iOS, for example. Let's keep an eye on this and see whether that hypothesis is borne out....
--------------
[*] For the sake of this experiment, let's postulate that 'less' means a smaller number of exploits overal
Re: (Score:2)
Neither the app nor the methodology is public, and it will NOT be released
And on the seventh hour, the Developer rested.
Biggest mobile disasters of 2010 (Score:2)
* Microsoft Kin
* iPhone antenna
* Windows Phone 7
Anything else we should add to the list?
Re: (Score:2)
Not a disaster. Just decent hacks.
Like the PS3 pseudorandom number. Like rooting various iStuff, or Android. You lock, we unlock. Simple as that.
Next?
Re: (Score:2)
VirginMobile eliminating the $15 "text all you want" plan.
Not exactly a disaster, but now customers must upgrade to the next tier & pay almost twice as much to get the same "unlimited texts" benefit. I don't buy Virgin's excuse that they were losing money on the $15 Texting plan. Texts cost practically nothing.
Re: (Score:2)
And the heat, water, and electricity must be "free" in your building.
2000 messages/month of "practically nothing" adds up, and I'm getting plenty of months like that when some "consultant" misconfigures my old, documented, robust alert system and just goes ahead and "turns on everything, to debug". Then every single one of dozens or hundreds or even thousands of systems starts sending distinct alerts, because they've sidetracked my very careful hierarchy of "if this alert happens, it means the VPN is down:
Re: (Score:3)
Yes TEXTING does cost practically nothing. "When phones are on and waiting for a phone call or any type of data retrieval, they are ALWAYS connected to the cell phone tower. The phones and cell phone towers exchange little packets worth of information back and forth so whenever a call comes in, they can find you straight away. Can anyone guess how big the packets are that are sent between cell and tower? If you guess 160 characters, you are right." In other words they are charging for a service that s
Re: (Score:2)
Because nothing else in the world is priced according to the value the buyer places on it instead of according to the cost of production.
Nothing!
Re: (Score:2)
Which has nothing to do with my original point:
- VirginMobile claimed to be losing money on the $15 unlimited texting plan, so they eliminated it. But if texting costs nothing, then Virgin lost nothing. They were lying.
Re: (Score:2)
I wasn't replying to your original point.
But. Opportunity cost. Account management overhead. Support costs. Network capacity. etc.
Re: (Score:2)
Should be free? Because SMSCs cost nothing to implement and run, amirite? And the storage for the text messages is free amirite? Definitely the backhaul getting the text messages from point A to point B for transmission is free.
Text messages aren't free just because you say so. There's a very real cost associated, and one that someone has to pay for (like, I don't know, the customer). Whether the text message costs too much, well that's a different story. Considering I can flick 5000 text messages fo
Re: (Score:2)
Wait, are you telling me your network provider doesn't even bother re-delivering until the receiving phone ACKs it?
What sort of braindead implementation do you guys use!
Also, all of that equipment is still not free like commodore64_love claims. So there is a real cost involved. Especially when you consider the cost of the billing systems I explicitly didn't mention in my initial post.
Android sexting your boss? (Score:2)
This Android bug [engadget.com] seems pretty dour.
From the comments it seems like not everyone has this happen, but something to beware of!
Source code or didn't happen... (Score:1)
Will it get me free texting? (Score:2)
Or calls? We used to call this phreaking but I guess it's gone out of style.
Re: (Score:2)
Re: sig
The avalanche has already started, it is too late for the pebbles to mod, err vote.
How long till it hits the wild? (Score:2)
What's the over/under on how long till there's an exploit in the wild? A day?
It's OK (Score:1, Interesting)
Good Luck (Score:2)
(1) I think it will help Windows Phones get a reputation as a homebrew-capable platform, which will help it build street cred; (2) Microsoft will certainly respond to each of these hacks with counter-measures
Neither have been true of the iPhone, even though it's been jailbroken even before there were apps...
(3) if people are ripping off my apps, that must mean they really want them
That's the way I've always felt about piracy. I don't think it represents many lost sales, if any, and in a way it can be good p
Re: (Score:2)
That's the way I've always felt about piracy. I don't think it represents many lost sales, if any, and in a way it can be good publicity... although I have to say you underestimate the number of pirates that simply hoard stuff instead of collecting just apps they want. But again, that's not a lost sale either....
I'd mod you up if I could. There is definitely a class of "pirates" that are more like collectors than anything else... they just want to -have- it, not to -use- it. If it has a high retail price al
Re: (Score:2)
Take for instance systems that have been around awhile. The GBA only has 50 homebrew titles (maybe a few more that aren't on gbadev.org even if it is one of the main sites). Something newer like the Nintendo DS has approx 120 titles.
Compare that to
Homebrew competes with commercial games (Score:2)
I think companies would turn a blind eye if the vast majority of people used these hacks for homebrew only because it sells more hardware and can lead to more software sales.
Not necessarily. Homebrew competes with legitimate sales of commercial games that use the same rules. Nintendo might argue for every copy of Lockjaw DS [pineight.com] that gets downloaded and installed on an R4, it can't sell a copy of Tetris DS. Or Sony: for every copy of gpSP [wikipedia.org] running Gleam [racketboy.com] or Luminesweeper [pineight.com], it can't sell a copy of Lumines or Lumines II.
Re: (Score:2)
They do go after some of the tools (like R4) because it allows people to pirate games. I think most people just gravitate towards more popular things. Pop music is generally rubbish but sells well. Lockjaw may very well be a better version of Tetris but doesn't have the name and isn't as flashy and will lack any connection to the leader boards at nintendowifi.com.
I
Re: (Score:2)
Lockjaw may very well be a better version of Tetris but doesn't have the name and isn't as flashy and will lack any connection to the leader boards at nintendowifi.com.
If the homebrew dswifi library were more mature when Lockjaw was being developed, then it probably would have had its own (parallel) leaderboard. It did have a few high score threads on tetrisconcept.com though.
I think if a single person was outputting something that was beating a whole team's effort they'd get hired straight away
Really? Consider the story of Bob's Game [wikipedia.org]. And consider that some people can't be hired because they have family obligations in a state with no video game studios.
incorrect info (Score:4, Informative)
This is the second slashdot article talking about a WP7 hack that wasn't really a hack. People are having trouble jailbreaking the thing, so we keep seeing articles about meaningless hacks as everyone wants to know when it is really jailbroken.
Why is this bad? (Score:2)
Would you really want your phone locked down so you can't get at it? What is the objection here?
Re: (Score:2)
Obvious troll is obvious.
Does it matter? (Score:2)
It doesn't matter in my eyes; if people are going to want to crack the DRM, they will, if they don't want to steal, they won't. Hey, if I wanted to, I can probably look up how to pirate iPhone apps somewhere on the internet. Pretend these apps were music files or computer games for a second. We have always called for less invasive DRM on both fronts so that people who will to steal the software and files still will do it and people who want to pay and enjoy the product have no trouble doing so. People will
Re: (Score:2)
Your rant fails to account for a third group - those who have no opinion whatsoever, not even your vitriolic rage, because DirecTV doesn't exist where they are.
What does this mean? (Score:1)
Re: (Score:1)
Does this mean that I can download any app from the marketplace and install it on my WP7 phone for free? What's an "unlocked" WP7 phone?
It means you can go to places like mobiles24 com and install one of the MANY apps that they have archived from developers (free mostly) like we could previously with WM 6.5 and earlier.
Re: (Score:2)
Unlocked means that the phone has been registered to a developer account at the marketplace (and can run unsigned applications).
So you either have a dev account (tied directly to your name/credit card), or you have jailbroken the phone with chevron WP7 (which requires a cert from their site which has been removed at the request of Microsoft).