New Marketplace Advanced Copy Protection now also cracked
As we predicted, Microsoft’s anti-piracy measures for the Windows Mobile Marketplace, even on their second level (the first one was to delete the CAB file), did not last very long at all.
Chainfire wrote on XDA-Developers:
I have now cracked the "advanced" copy protection used by Marketplace. As you may know, this is a "better" protection than the original "CAB copy protection" Marketplace offered. This "advanced" protection uses license keys that are verified when you run the application, and given out and controlled by Microsoft.
Several developers are annoyed that Microsoft does not allow us to use our own licensing schemes, and are forced to use "no protection" (the original CAB copy protection) or use Microsoft’s scheme which is essentially a single point of failure for all Marketplace protected apps.
This new "advanced" protection was released today by Microsoft, and as far as I know no app available already uses it at the time of this writing.
So I got the code snippets you are supposed to put in your app and it was simply jawdroppingly WTF. While it was not exactly easy to beat, it took me less than two hours to devise a "generic" hack, without modifying any files on the device. (Well hey, at least it’s better than the 5 minutes it took for the "basic" protection, right?)
A "generic" hack? Yes, by this I mean that this single hack (actually, running an EXE in the background) will completely bypass the entire code snippet provided by Microsoft that is supposed to check and validate your license code, for all Marketplace apps that use this "advanced" protection.
Chainfire will not be releasing the hack, which involves patching the cryptographic module while it is running in the background. His goal is to get Microsoft to realize a mono-culture of copy protection means no protection at all for all, and for Microsoft to allow developers to use their own various modules. While we ourselves do not think this is an ideal solution, the ease with which their new protection has been bypassed remains frightening to developers, and may cause them to stay away from the embryonic Windows Mobile Marketplace.
QUOTE: "Chainfire will not be releasing the hack"
big freaking deal! that is like some online store saying "WE HAVE SONY X10 IN STOCK NOW!!!!! but we under contract not to ship to customers until 1Q 2010".
[Reply]
I guess the trade off is: reach an audience of millions with possible theft of the app in the thousands or reach audiences of thousands with zero theft. Most sites like XDA and PPCGeeks have policies against 'warez' which this most certainly is. Only on the fringes of the dwindling WM community will things like this happen…
[Reply]
l3v5y Reply:
November 13th, 2009 at 2:17 pm
"Dwindling" isn't a word I'd use to describe the WM community. The XDA-Devs servers are constantly having overloading problems because they're getting new members faster than they can afford to upgrade the hardware.
[Reply]
that's bad news for msft
[Reply]
""generic" hack, without modifying any files on the device."
That's a fairly misleading statement, as he runtime patches the files whilst they're loaded into RAM, so that part at least is more complex than you may think.
[Reply]
chainfire Reply:
November 14th, 2009 at 12:35 pm
Well I never said it wasn't complex. But being complex doesn't necessarily make it very difficult to do. The actual license validation code is very complex as well (depending on how you look at it), but it's still only about 40 lines of code.
Of course, you do have to put the EXE on the device, but the EXE does not require you to enter a "target application" – it will work on all applications with this protection while it is running.
What I meant was (perhaps I should have been clearer), no ROM files need to be modified/replaced, nor does the executable of the target application(s) have to be modified on the device.
Actually, it isn't the applications that get patched on load either – it's kernel parts.
[Reply]