Marketplace Security Cracked In Minutes
|Marketplace officially goes live tomorrow (even though it’s live today) but Chainfire tested out the security and to his surprise it took a mere 5 minutes to bypass the copyright security, thus letting him exchange ‘secure’ apps with anyone. He has not shared the method (which we would not share if it were disclosed) but he stated the following:
What it all comes down to is that there is no copy protection, not even at the advanced level, at least if they implement it in the way I interpret from reading that document.
So today I started up Marketplace and it worked. Hurrah. The current level of protection is making sure the CAB files are deleted upon install – which is obviously not a way to protect anything – but even this, I thought, should easily be circumventable.
Now, because I wanted to see how fast it could be done, I went with a hunch instead of doing any investigation. And that hunch worked like charm. It took me less than five minutes to circumvent this "protection", and get the ability to save the CABs the MarketPlace app downloads to a different folder. As the CAB file is the same for every downloader, you could just give this CAB you paid for out to all your friends.
Obviously I will not disclose the method, because that would be working against other commercial developers, and ultimately myself. It’s just to let you know how ridiculously easy it is, and to give fair warning to those looking to sell apps on the Marketplace.
So, the moral of the story is… WTF MICROSOFT?
I know firsthand there is no such thing as perfect copy protection, but this is just plain ridiculous.
What we really need is for apps to be able to use our own copy protection schemes… you know, like the good web-based app stores out there.
We’ll all see where this goes together…