Wednesday, December 12, 2012

Ironic? Nokia engineer details easy ways to hack Windows 8 in-app purchases, trial apps

Remember the hack from earlier this year that allowed users to sidestep iOS in-app purchases? iOS isn't the only platform vulnerable to such spoofing, but Microsoft is probably really peeved at who revealed this one.

Internet Security
Justin Angel is a Nokia engineer working on Windows Phone. Nokia and Microsoft are BFFs, at least for now, so this certainly won't go well. On Tuesday, Angel posted a detailed step-by-step guide on how to "compromise [the] Windows 8 [Metro] games revenue stream."

Using the Soulcraft Windows 8 game as an example, Angel's post shows how Windows 8 users can edit parts of a game to bypass actually paying for in-app purchases.
Angel's post also shows how Windows 8 users can modify trial apps, giving them a full license, including a way to remove in-app ads.

Trial apps are very vulnerable. They are downloaded to a client device with the full unlocked code embedded. Trial licenses are stored in a Tokens.dat file, which is very easy to edit. All that is necessary is to change an XML attribute from Trial to Full. His suggestion for a fix?
One way to fix this issue would be to have developers build two app packages (one limited functionality trial package and one full functionality package) and have those secured by the Win8 store purchasing system.
Notably, the post has become so popular that his server is currently offline.

With the hack, it's only a matter of time before some enterprising developer creates a one-shot tool that unlocks every in-app purchase, pirates trial apps, and removes in-app ads.

The issue isn't with Windows 8 per se, but with any app that installs to your hard drive. That's why, often, apps will check back to the Mother Ship to determine the authenticity of an installation.

No comments: