piracy

Microsoft has announced a new strategy to combat criminal hackers by opening up a new Cybercrime Center. This building will house security engineers, digital forensic experts and trained lawyers. The company is attempting to play catch up with hackers who have innovated alongside technology to remain one step ahead of law enforcement. 

More →
5
loading...
0
loading...
33
loading...
0
loading...

Software piracy is a serious battle, which can also affect our beloved platform developers. Microsoft has taken action by automatically applying encryption to all apps through the newly unveiled Dev Center. According to a detailed post on the Windows Phone Developer Blog, Todd Brix states that all apps (including those already submitted) are automatically encrypted without user input.

We first heard about the possibility of server-side encryption back in November, 2011. From our understanding, Microsoft was waiting until everyone was on Mango to implement that feature and it now looks to have happened. If you recall, at the end of April Microsoft decreed that you had to have Windows Phone 7.5 to get to the Marketplace. Combined with the Dev Center refresh, we think that transition for encryption is now complete.

More →
8
loading...
7
loading...
46
loading...
0
loading...

An interesting thing happened yesterday which we chose to not cover in detail. In short, someone published an app to the Windows Phone Marketplace that was pirated. Specifically it was a popular GPS navigation app which cost a good amount of money.  The person responsible presumably ripped the original XAP from the Marketplace and simply re-submitted it, pawning it off as their own.

Did they try to make money from it? Nope, they did something possibly worse--they offered it for free.

More →
0
loading...
5
loading...
47
loading...
0
loading...

In an interesting article at Ars Technica, they discuss the brief history of Chevron WP7, homebrew and piracy with regards to Windows Phone 7. Most of it is par for our readers, with nothing to substantial as far as history.

But there was a real interesting section regarding piracy, encryption and what Microsoft is doing to prevent theft of developers' software:

"Those piracy concerns are still an issue. It's possible to download application packages from Microsoft's servers and install them onto a developer unlocked phone without actually buying them.

That will change. Windows Phone 7.5 "Mango" includes support for a new kind of encrypted package that should rule out this kind of piracy. Microsoft is waiting to ensure that a high enough proportion of users have upgraded to Mango before throwing the switch and using these encrypted packages, however."

This is the first we heard of any XAP encryption that would seemingly prevent users from sideloading illegally downloaded XAPs from Microsoft's servers (something we first demonstrated back in December). The idea is certainly a welcome one and from that detail about Microsoft waiting to throw the switch, this seems to be all on their-end.  That means devs won't have to do anything different in their XAP preparation and submission to the Marketplace.

Of course devs could presumably still release their XAPs directly e.g. for the homebrew community without encryption, much like they do now. But for companies like Nokia, who may be a tad irritated that their Music and Maps apps have been ripped, this could be very welcome news.

Source: Ars Technica

More →
2
loading...
0
loading...
1
loading...
0
loading...

A day later after we posted the "proof of concept" (PoC) video demonstrating how easy it is to defeat Windows Phone app protection, the discussion is starting to head into another direction: from criticism to potential solution. FreeMarketplace may only be 65.5kb in size (seriously), but its ability to freely circumvent the weak DRM of all 4k+ paid apps in the Marketplace with a single mouse-click is a real concern.

While we're confident Microsoft has something in the works to right this problem (though nothing is confirmed), developers may be able to take some  matters into their own hand to better improve app security.

Tobias, the developer of FreeMarketplace, has what he thinks is a method to slow down potential pirates. What makes FreeMarketplace so dangerous is the automation--no mid-level "cracker" is needed to go into each and every app to defeat DRM, which is how the majority of app piracy has to proceed (see iOS). That's because DRM in the Windows Phone Marketplace is the same for every app, making an automated system-wide app cracker feasible:

The code and the guides I gave you here will not stop piracy. Anyone with the corresponding skills can still startup reflector, go through your code, remove any checkes, remove DRM and install it on a device. YES, but it got a lot more difficult to do it in an automated fashion. So, there might be one or two who can still break your security measures by hand but the masses won’t be able as there is no generic tool available.

While not a true fix, it can at least add some speed bumps for now till MS can offer more robust DRM support. Of note, Tobias is still not sharing details on how FreeMarketplace works, so don't expect any nuggets there. In addition, what follows is strictly for developers, so non-techies will only glean a few interesting tid-bits.

Read: Getting a more secure Windows Phone 7 app

More →
0
loading...
0
loading...
0
loading...
0
loading...

Walking the fine line between black and white hat security, XDA member V@l€n has gone and posted a detailed "security whitepaper" on the state of app piracy in the Windows Phone Marketplace.

We almost hate to write on the topic since it will attract claims of supporting piracy,  but the fact is developers and Microsoft need to know just how vulnerable the platform is so that it can be improved on before it's a problem. And that's just it, right now there is no issue with app piracy for Windows Phone, but it is inching closer and once those few remaining hurdles are cleared, there will literally be a flood of pirated apps on the market.

But before we jump into all of that, lets detail exactly what is going on here. For better or worse, V@l€n has done a great job of outlining all the steps needed to make a ridiculous piracy campaign, showing all the necessary procedures that need to be cleared.

Follow us after the jump as we walk through this story...

More →
0
loading...
4
loading...
9
loading...
0
loading...

Although there have been reports of people porting over WP7 to the HTC HD2 and some chatter of people being able to make ROMs  (though not load them), there may yet be one final hurdle that could be very difficult to overcome: PVK.

PVK are the private keys Microsoft evidently uses to sign off on the OS that is also tied to the hardware. Specifically, some aspect of the OS looks for and then pulls these keys from the device motherboard for verification. If the keys cannot be found, the motherboard must be replaced or serviced. While elements of the phone/OS might still work without the PVK key, core elements such as Xbox, Marketplace, Windows Live or Zune...basically any "cloud service" will not.

The challenge to developers/hackers would be to circumvent this security, much like folks have managed to get around Microsoft's Genuine Software checker for Windows 7 and Office products. No easy task, we imagine.

In addition to  the above image,  there is an accompanying "Service Advisory" on one of the HTC internal sites that reads:

Description:

This Service Advisory aims to resolve invalid PVK or PVK missing issue for any returned WP7 units

Condition(s) to follow this service advisory:

1. When customer complains about can not access Microsoft services such as XBOX, Marketplace, Windows Live and Zune on the WP7 devices.

2. When ASP performs diagnostic program test, ASP needs to follow the below repair actions if the diagnostic program detects invalid or missing PVK.

    If the PVK is invalid or missing, there will be message on device as following when user try to login to Windows Live service.

    To all of this we say good on Microsoft for throwing down some serious security, but alas, the ROM community now has a challenge ahead of itself. Of course, this is probably more motivated by piracy concerns than ROM cookers, but we imagine Microsoft welcomes that as a wanted side effect as well. Combined with the Xbox Live security (see earlier coverage), cracking this OS wide open may be far off.

    Thanks, Conflipper, for the info

    More →
    0
    loading...
    0
    loading...
    0
    loading...
    0
    loading...