Marketplace "copy protection" cracked

I hope this news isn't taken the wrong way. Microsoft could lock down the phones entirely, (theres always the "roll out an update that bricks unlocked phones" trick that apple pulled), but that would kill resources like this site which I personally think would do them far more damage in the end. So long as xda-devs exists i'll only be buying WM phones.

You can try as hard as you like to stop people pirating apps and its generally broken overnight. Anyone interested in doing that will know of warez anyway.

Keep it open. keep them great. dont punish the people who want to pay for stuff.
Maz

fatmonk said:

Hi dicemaster,

How did you try this? Uninstalling and reinstalling on the same phone or another phone? Or the same phone after a hard reboot / content erase?

I'm just interested to know from what state you can get back to your purchased applicationsand whether is purely your windows live id that connects you to your purchases or if there is some device specific stuff checked as well.

Cheers,

FM

Click to expand...

Click to collapse

Your purchases are tied to your Windows Live account, and once you purcase an application you can simultanesouly load it onto 5 different phones if you so wish.

If you lose your phone or you lose your applications for whatever reason, you can log back into Windows Marketplace for Mobile and redownload your purchased applications at no cost.

You can find more information about Windows Marketplace for Mobile at the website here.

Cheers sc4freak,

That site has loads of useful info.

It did prompt me to consider one thing though - when installing through Marketplace do you get the option of where to install the app, ie either internal or external (SD etc) storage?

I believe you just get a notification that the app is installing within the Marketplace app rather than the standard popup box which asks where... so I guess things get installed on internal storage thereby filling the storage up...

-FM

Chainfire said:

Microsoft does not support your own serial systems. There is no information you can compare runtime vs purchases either, so you can't roll your own. Well ok, you DO actually have device ID information you could use, but that way purchasers can only run the application on the phone they actually bought it on. It is not clear how 're-download' information will be transmitted. If that also transmits a device id, then it is possible to roll your own, though it would be pretty nasty.

Click to expand...

Click to collapse

Reading the linked PDF in the OP, there is mention of advanced protection using some Microsoft-supplied code and a licence that is transferred to the phone at install time.

Would I be correct to assume that this "crack" only applied to CABs that use the basic protection afforded by the Marketplace, rather than the advanced protection?

I'm more amazed at the prices - £20 for Kinoma Play?

with the way windows mobile is now, surely it would be easy to install an app to a 'clean' device (ie hard resetted). compare files and registry before and after. then create cab with files and registry entries just created?

Chainfire said:

Until advanced protection goes live, of course we can't know for sure, but I doubt it'd take more than a few hours to patch.

Click to expand...

Click to collapse

As you've alluded to, advance protection would probably be cracked in a matter of few hours, so where's the problem?

All DRM does is make things difficult for legitimate consumers where as pirates get a simply cracked cab to install.

How do other marketplaces fare in comparison, I know for a fact my mates Jesus phone with installous has Tomtom, copiolt, navigon all installed only a day after they were released did he pay for them NO, not looked into andriod market place security.

hmmm...another though, does changing roms count as install on another phone? :s

That's how much it actually costs if u don't use a discount code! I got it for £12 or something

LOL Yall gotta remember though, Technically speaking and under the EULA, isnt Rom Cooking illegal also?

I remember reading an article saying its illegal, but MS vaguely said they don't really care.

But overall its still illegal. Most of the time, Copy protection harms the REAL consumers than the pirates. Since the pirates already disable them when they release. There is no perfect protection, even a condom isn't perfect and fails time to time.

The more "Advanced" the protection is, the quicker it gets cracked. Since people are more interested in breaking something that's hard to break than breaking something that's easy to break.

Also remember, quite a few studies have shown that pirate industry doesn't harm the industry its pirating off! Look at the Music Industry, through the economic crisis it still did so well, and studies have shown that people who downloaded music and pirated music have 3x higher chance that they will buy a CD than somebody who doesn't do any of the above.

Plenty of more examples if you look around on the web, like....
The independent film producer of "The Man from Earth", Thanked the pirate industry for pirating his movie. Since it provided him with free advertisement which in turn help spread word about his movie and how good it is. Which then got more people to buy his DVD, which if he didn't have this extra advertisement the DVD sales would have been a lot lower.

Producers of the TV Shows 24 and Lost also thanked the pirates for spreading their episodes, causing a higher viewing of it on TV.

Not everybody is a pirate, not everybody have the "know how" to become a pirate. However within a social group there is always one or two who are pirates. The word of mouth spreads quick, if the pirate downloads something that's awesome, they will no doubt tell their friends. Then their friends will tell other friends saying "oh a friend of mine said it was pretty good.... we should catch it when we can". Its a logarithmic algorithm, spreads like wildfire.

Programmers, and Distributors should read Sun Tsu's Art of War, Instead of trying to take out a strong opponent which you cannot win, instead befriend the enemy and take advantage of their resources.

Isn't that the reason Microsoft allows XDA?

From App Ideas to even a simple Icon change.
Both Microsoft and HTC have admitted to prosper from XDA.

They listen in when you don't want them to and they don't listen when you want them to

vijay555 said:

Is there anything to stop Software Authors implementing (or continuing to use) their normal Serial number protection systems?
Looking at the Market Place, there are obviously some of the Big Names we all know and love, and I don't see why they would remove protection systems they have in place already, unless it was a MarketPlace requirement.

Personally, I can't say I'm at all impressed with the MarketPlace implementation - it heralds back to the early days of PocketPC. Maybe they're going for lowest common denominator hardware support, but frankly even the relatively poor Android marketplace on Hero is massively better. And the Appstore even more so. And I think Cydia tops most of them!

Let's hope that the MarketPlace at least drives prices down.

V

Click to expand...

Click to collapse

I don't see the old serial protections as anything better. If the user bothers to go illegal on the MarketPlace, exactly the same thing will happen with serials - keygens, cracks, etc. Inconveniencing end users will not prove to help. Furthermore, on my Elf I have numerous issues entering serials into products - my keyboard always blocks off the ok / cancel buttons.

I was really disappointed to see the MarketPlace coming out with apps above $20. Doesn't Microsoft want to be competitive? If Microsoft believes in 6.5, and is not lieing when saying 30 new 6.5 phones will be out by 2010, it should bring down prices, make you want to purchase something, and rely on popularity. Makes everyone more happy, and could still produce the same amount of money as charging high and hoping for a few sales.

To be honoust i did find a few apps i might consider buying.

But being the cheapskate i am they ain't that pricy.

Now i've been using Windows mobile for, euh... i don't even remember.
But it looks like i will be spending more money on Software for my phone in the coming two years then i did in the last five.

And i expect it to be more for the common not to savy user.
Even with a broke ass security developers that have been in the game for a while will sell more apps. I know loads of people with Windows mobile, that haven't done anything with it at all. No Roms, No Hacks, No extra software.

And it's a larger group then the people i know that do something with it.
That market will be reached and robbed of their pennies, because now finally after all these years they find out they can actually do something with their Phones besides calling, and using internet, mail etc.

The marketplace is thee for those that don't know better, and probably still a large group of them won't know better. Because doing illegal stuff is just way to difficult for them. Even if it might look so bloody simple to the most of us.

I picture a meeting at Microsoft, with someone pointing out the serious flaws of their system. Then a manager speaks out and says: So What, We Are Going To Make loads of Money Anyway, I don't see any reason why we should spend more developing it. It all falls in an acceptable loss taken into account.

Personally i call it the Jamba Generation, dishing out money for silly wallpapers and ringtones or screensavers. The market they are targeting has already proven they don't mind giving away their money.

But that's just my opinion and that's not speaking of the professionals that buy applications because they really need them and understand their worth.

Chainfire said:

I will not do anything with this, or publish how. But you can be assured the "warez" guys from that one site will figure this out within a day or so as well...

As most of you will know I am a software developer by trade, with some commercial offerings from my company.

And then there was Marketplace. For commercial devs, something nice to have. But if you have followed the news, the piracy protection for commercial developers is not much to speak of. See this document http://download.microsoft.com/downl...tplace for Mobile Anti-Piracy White Paper.pdf.

I will refrain from quoting the obvious mistakes in this document, if you give this thing a read, you will notice them soon enough. What it all comes down to is that there is no copy protection, not even at the advanced level, at least if they implement it in the way I interpret from reading that document.

So today I started up Marketplace and it worked. Hurrah. The current level of protection is making sure the CAB files are deleted upon install - which is obviously not a way to protect anything - but even this, I thought, should easily be circumventable.

Now, because I wanted to see how fast it could be done, I went with a hunch instead of doing any investigation. And that hunch worked like charm. It took me less than five minutes to circumvent this "protection", and get the ability to save the CABs the MarketPlace app downloads to a different folder. As the CAB file is the same for every downloader, you could just give this CAB you payed for out to all your friends.

Obviously I will not disclose the method, because that would be working against other commercial developers, and ultimately myself. It's just to let you know how ridiculously easy it is, and to give fair warning to those looking to sell apps on the Marketplace.

So, the moral of the story is... WTF MICROSOFT?

I know firsthand there is no such thing as perfect copy protection, but this is just plain ridiculous.

What we really need is for apps to be able to use our own copy protection schemes... you know, like the good web-based app stores out there.

EDIT: l3v5y has also succeeded in doing something similar, and it seems the WMPowerUser admin also found another easy way to do it... Yay, and it ain't even out yet!

Click to expand...

Click to collapse

I got it too. Dunno if I followed the same hunch as you, but I followed my hunch. I think DRM is a bad thing though.

It's easy enough for a clueless idiot to do...

Another exploit (slightly more complex in it's implemetnation than the ones which just grab the *.CAB before the OS deletes it) is also apparently feasible.

It can be ran even after the original *.CAB has been deleted, perhaps even days after the app is purchased. It works by rebuilding the CAB file from the uninstall information that is present in the OS (put in place so the remove programs feature can do it's job).

I think the concern with all of this is with respect to the "advanced" security promised in the future... How easy will it be to defang, or remove compeltely the advanced security by simple patching of the exe?

It seems at this stage, with the limited information available it may be a reasonably trivial, and automatable process...

One things for certain, the current "basic" security is no security at all, and a simple application can be developed to automate it's circumvention.

lol those numbhead marketing geeks don't even know how they're making a fool out of micro$oft. They're letting their developers work against the clock in stead of taking a bit more time to secure their software.....they're too greedy

Issue

I dont know about you guys but simply supplying the cab file hidden somewhere in where you downloaded is not enough protection for the developers. They make a living off these programs. Look at SPB software they seem pretty big. If everyone got there software for free which im sure they could if they were pirates then they would be discouraged to develop software. So they do implement serial keys and what have you but i think the core issue is that microsoft doesnt know how to handle the iphones popularity neither in the vast amount of apps that have sprung up for the iphone considering WM# has been around for a while. I think they simply dont care about it anymore i mean to allow this to happen but im sure if i want windows 7 i have to submit to a drug analysis while forking over my cash with thumbprints and blood samples. They are stretched thin by competing with everyone. The fact that this website even exists shows that most of our hardware is good but poorly controlled by the software. I think if they really wanted to protect developers of software. they need cabless installation mayb a little inconvenient but take it one step further. If you buy a software and pay with ur creditcard they send u a link that doesnt have a cab file in sight. instead it installs directly through your forced use of windows mobile device center or activesync. Install it on ur phone ready to go no need for serials or anything like the PS3 if i buy a program there its attached to my username i can download the software like 4 to 5 times in case i format my ps3 or hard drive crashes or whatever the reason. they dont give me the EXE file for the software(not that its EXE guys) they just give it to me and it works. The same thing should be done to protect these developers. Less annoying to the customer more secure for the developers = awesome
does not equal microsoft vista anyone?

Brendo said:

hmmm...another though, does changing roms count as install on another phone? :s

Click to expand...

Click to collapse

Good question.

I searched through the Marketplace documentation, and I know that they say you can use each app with up to 5 devices max that are tied to your user account, but how does frequently flashing a new ROM to your device effect that. Is there any change to the device ID when you flash new ROMs?

I purchased one (1) paid app, and installed a few free ones. Since then performed a ROM flash, and logged back into the Marketplace. It did show the apps I had previously downloaded, and allowed me to install them all at once.

My worry is, how many times will I be able to do this with frequent ROM updates? I have no problem paying for apps, but until I am sure I will be able to continually re-install them after ROM flashes, I will hold off on anymore purchases from the Marketplace. They really need to come up with a good way to back up my paid apps for frequent ROM flashes (ie save the .cab files). Until then I will stick to only getting free apps on the Marketplace. Otherwise I am pretty much throwing money away for paid apps.

Mr_Armageddon said:

My worry is, how many times will I be able to do this with frequent ROM updates? I have no problem paying for apps, but until I am sure I will be able to continually re-install them after ROM flashes, I will hold off on anymore purchases from the Marketplace. They really need to come up with a good way to back up my paid apps for frequent ROM flashes (ie save the .cab files). Until then I will stick to only getting free apps on the Marketplace. Otherwise I am pretty much throwing money away for paid apps.

Click to expand...

Click to collapse

Just get sk tools (they probably sell it there, don't they?) and use it to make cabs of the apps you purchase. Then you're done and won't have to worry about it anymore. Or, do this: install the app, copy all of the files installed into a sashimi folder (\storage card\sashimi\auto\root\program files\app folder... ), find the registry keys and stick them in the .reg folder of sashimi and you're pretty much done. Check \windows after the installation and see if there are any new files in there (organize by date modified and the new ones appear on top). After you've used the app a while, check \application data and see if any settings files are in there, and also check \my documents for log files or similar odds and ends. If the app runs at startup, then grab that link and put it in \storage card\sashimi\auto\root\startup. Stick the start menu link in \storage card\sashimi\auto\root\start menu\programs\sub-folder. At that point, you will pretty much have reconstructed the cab and saved all of the app settings.