Attend XDA's Second Annual Developer Conference, XDA:DevCon 2014!
5,806,211 Members 53,544 Now Online
XDA Developers Android and Mobile Development Forum

Marketplace "copy protection" cracked

Tip us?
(Last edited by Chainfire; 5th October 2009 at 09:19 PM.)
Chainfire's Avatar
Senior Moderator / Senior Recognized Developer - Where is my shirt? - OP
Thanks Meter 49,894
Posts: 9,076
Join Date: Oct 2007

Default Marketplace "copy protection" cracked

I will not do anything with this, or publish how. But you can be assured the "warez" guys from that one site will figure this out within a day or so as well...

As most of you will know I am a software developer by trade, with some commercial offerings from my company.

And then there was Marketplace. For commercial devs, something nice to have. But if you have followed the news, the piracy protection for commercial developers is not much to speak of. See this document

I will refrain from quoting the obvious mistakes in this document, if you give this thing a read, you will notice them soon enough. What it all comes down to is that there is no copy protection, not even at the advanced level, at least if they implement it in the way I interpret from reading that document.

So today I started up Marketplace and it worked. Hurrah. The current level of protection is making sure the CAB files are deleted upon install - which is obviously not a way to protect anything - but even this, I thought, should easily be circumventable.

Now, because I wanted to see how fast it could be done, I went with a hunch instead of doing any investigation. And that hunch worked like charm. It took me less than five minutes to circumvent this "protection", and get the ability to save the CABs the MarketPlace app downloads to a different folder. As the CAB file is the same for every downloader, you could just give this CAB you payed for out to all your friends.

Obviously I will not disclose the method, because that would be working against other commercial developers, and ultimately myself. It's just to let you know how ridiculously easy it is, and to give fair warning to those looking to sell apps on the Marketplace.

So, the moral of the story is... WTF MICROSOFT?

I know firsthand there is no such thing as perfect copy protection, but this is just plain ridiculous.

What we really need is for apps to be able to use our own copy protection schemes... you know, like the good web-based app stores out there.

EDIT: l3v5y has also succeeded in doing something similar, and it seems the WMPowerUser admin also found another easy way to do it... Yay, and it ain't even out yet!
BLOG - G+(Chainfire) - G+(Personal) - TWITTER - IRC - PAYPAL - BTC 1JeoxivKEXbbiegsv1BrUC7fD7GgSPcqkG

A proper quote includes only the relevant paragraphs, and a proper post never ends with the word "why"


HTC G1, Hero, One
LG G Pad 8.3, G Watch, G3
Moto E
Samsung i5800, i9000*2, P1000*2, P7100, i9100*2, N7000, P6800, i9300, N7100, i9505, N9005, G900F
Sony T LT30p, Z C6603
Nexus Galaxy*2, N7*2, N10, N7-2013, N7-2013-3G, N5

SuperSU, Mobile ODIN, TriangleAway, DSLR Controller, CF-Root, 500 Firepaper, OpenDelta, USB Host Diagnostics, ExynosAbuseAPK, Live dmesg+logcat, NoMoarPowah!, CF-Bench, Chainfire3D, CF.lumen, SGS2 SIM Unlocker, GingerBreakAPK, SuperPower, and more!

Windows Mobile 5/6
E-Mobile EM-ONE
HTC Wizard*2, Kaiser, Touch, Diamond, Pro, HD*2, Diamond 2, Pro 2*2, HD2*2
Samsung i780, i900*2, i8000*2, b7300, b7320, b7330, b7620*2, b6520

WMWifiRouter, KaiserTweak, FPUEnabler, WMLongLife, WMRegOptimizer, CFC+GUI, TF3D+v2 ports, Kaiser+Omnia2+Snapdragon 3D drivers, GfxBoost, and more!

Windows Phone 7
LG GW910

Apple iPad 3, iPad Mini 2

NOTICE: I do not respond to tech support questions through PM.
Senior Member
Thanks Meter 33
Posts: 549
Join Date: Apr 2008
Location: Belfast
Not even 12 hours after launch...that's pretty quick
Device: Google Nexus 5
Senior Member
Thanks Meter 1
Posts: 790
Join Date: Aug 2006
Oh noes.... that's not good!
Imagine Microsoft reads this and decides to offset tomorrow's Marketplace launch...
Or even worse, Microsoft launches the Marketplace but developers decide not to submit their apps because they're concerned that their apps get pirated.
ratchetnclank's Avatar
Senior Member
Thanks Meter 33
Posts: 311
Join Date: Nov 2008
Thats what happens when devices aren't locked down.
Senior Member
Thanks Meter 2
Posts: 306
Join Date: Feb 2006
That sounds bad, but it's really no different to how things are today. Perhaps there are some apps that have more security than either nothing or a serial key, but none that I use have anything more sophisticated.

Even as a developer myself, I'd easily take this over some DRMfest.
Current - HTC HD2 (Leo)
Retired - Raphael, Hermes, Wizard, Loox 720, iPAQ 2210
Farmer Ted
Senior Member
Thanks Meter 89
Posts: 2,371
Join Date: Nov 2008
So, if I'm reading this correctly, when you buy something from marketplace it's not tied into your username with a password like most apps? Instead, you just buy it and it installs the app, but doesn't give you a cab? Yeah, I don't think it's that hard to work around that and get a cab for yourself. Some of the cheaper apps at Handango are like that. Can you re-download an app onto a new device or if you have to hard reset, and is it free or do you need to buy download protection like form Handango?
ROM: Retro ROM
(Last edited by loomx; 5th October 2009 at 07:59 PM.)
Senior Member
Thanks Meter 14
Posts: 631
Join Date: Apr 2005
Good, copy protection pisses me off, all it does is piss of the genuine users. We have to deal with codes and activation to be legit, while people getting it free, just click here and there, copy a code here and huzah.

Copy protection doesnt work, someone will always find a way around it. Unless its linked to a windows live profile/xbox live profile. Which I can see probably happening when they bring out Zune on mobile phones, which sounds like it might be sooner rather than later!
l3v5y's Avatar
Retired Senior Moderator
Thanks Meter 38
Posts: 7,390
Join Date: Sep 2007
Location: Bristol

I did something like this earlier... MS haven't quite got security done yet, though my guess is the iPhone is no better...
Senior Member
Thanks Meter 0
Posts: 120
Join Date: Oct 2008
I'm really surprised by the lack of any drm; what's the point of signing in w/ one's Windows Live account? The easiest thing to do is to associate valid applications w/ one's Window's Live account. That's what itunes does for music at least (I don't know about apps as I don't have an iphone/ipod touch). Of course, what would happen is that an internet connection of some form is needed when the application is first installed, which could become inconvenient.
Senior Member
Thanks Meter 1
Posts: 280
Join Date: Mar 2006
Location: Atlanta
The truth of the matter is that the percentage or ratio of people who would bother to do this is pretty small. Most WinMo usersbarely even know how to setup e-mail not to mention install a cab file.

Most of the people in this forum already know how and where to get cracked apps or warez if they wanted too. I don't see this so called "flaw" as being an issue to MS or developers.
Kyocera QCP 6035 -Sprint - 1.5 yr
T-Mobile PPCPE - T-Mobile - 1.5 yr
HP Ipaq 6315 - T-Mobile - 1 yr
T-Mobile MDA - T-Mobile - 1.5yr
Sprint Mogul - Sprint - 1 yr
Samsung EPIX - AT&T - 3 mts
AT&T Fuze - AT&T - 3 mts
SE XPERIA X1 - AT&T - 6 mts
Touch Pro 2 - T-Mobile - 6 mts
T-Mobile HTC HD 2 - 5 mts
T-Mobile HTC HD 7 - current
Where there is life there is hope

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes