Sunday, January 2, 2011

Windows Phone 7 App DRM Cracked by One Developer in Six Hours


Apparently Microsoft "ironclad" piracy protections aren't really that strong

Thus far the Windows Phone 7 platform hasn't reportedly been suffering as severely from piracy as Apple's iOS or Google's Android. However, Microsoft may be in for a similar fate as its competitors.

In six hours, a developer advising technical blog site WPCentral was able to create an app (named "FreeMarketPlace") that downloaded any app from Microsoft's WP7 Marketplace, and removed the protections from it [video]. The cracked app could then be directly loaded on an unlocked handset, or be saved to your hard drive.

WPCentral was ardent that it would not publish details of how the hack worked, and that it only made the video as a cry to action for Microsoft. The site comments, "We are confident Microsoft will work hard to implement a stronger DRM system, in part due to this proof-of-concept demonstration."

The site had previously laid out a plan of attack for cracking Microsoft's DRM scheme, writing that the necessary steps were to:

- Download all the apps from the Marketplace: done (or can be done)
- Seed those apps in a torrent for peer to peer distribution
- Circumvent the 10 sideload app limit: done (see here)
- Enable a disabled app: tricky, but can be done, no method to do it en masse
- Get around code obfuscation (not mentioned by V@l€n, we'll do it for him)
- Remove XAP security signature: needs work

That report came following the post of a white paper detailing the initial steps on the XDA site (a resource for Microsoft developers) by hacker named V@l€n.

Keep in mind, however, without security protections properly in place, pirate programs may be unexpectedly modified to contain trojans or other malware.

Modified apps distributed via third-party apps stores were identified this week as creating a growing Android phone botnet in China. Thus when WP7's DRM is eventually cracked in full, beware if you're downloading pirated apps with your phone.


No comments:

Post a Comment