backtop


Print 32 comment(s) - last by Motoman.. on Jan 4 at 1:03 PM


In yo' app catalog, cracking yo' apps!   (Source: WPCentral via YouTube)
Apparently Microsoft "ironclad" piracy protections aren't really that strong

Thus far the Windows Phone 7 platform hasn't reportedly been suffering as severely from piracy as Apple's iOS or Google's Android.  However, Microsoft may be in for a similar fate as its competitors.

In six hours, a developer advising technical blog site WPCentral was able to create an app (named "FreeMarketPlace") that downloaded any app from Microsoft's WP7 Marketplace, and removed the protections from it [video].  The cracked app could then be directly loaded on an unlocked handset, or be saved to your hard drive.

WPCentral was ardent that it would not publish details of how the hack worked, and that it only made the video as a cry to action for Microsoft.  The site comments, "We are confident Microsoft will work hard to implement a stronger DRM system, in part due to this proof-of-concept demonstration."

The site had previously laid out a plan of attack for cracking Microsoft's DRM scheme, writing that the necessary steps were to:

  • Download all the apps from the Marketplace: done (or can be done)
  • Seed those apps in a torrent for peer to peer distribution
  • Circumvent the 10 sideload app limit: done (see here)
  • Enable a disabled app: tricky, but can be done, no method to do it en masse
  • Get around code obfuscation (not mentioned by V@l€n, we'll do it for him)
  • Remove XAP security signature: needs work

That report came following the post of a white paper detailing the initial steps on the XDA site (a resource for Microsoft developers) by hacker named V@l€n.  

Keep in mind, however, without security protections properly in place, pirate programs may be unexpectedly modified to contain trojans or other malware.  

Modified apps distributed via third-party apps stores were identified this week as creating a growing Android phone botnet in China.  Thus when WP7's DRM is eventually cracked in full, beware if you're downloading pirated apps with your phone.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

...why?
By Motoman on 12/31/2010 9:27:33 AM , Rating: 5
quote:
We are confident Microsoft will work hard to implement a stronger DRM system


...why? Why in Dog's name would you want DRM at all?

DRM is a catastrophic failure for everyone involved - NO ONE has ever benefited from having DRM on their product.

ALL DRM FAILS. 100% failure rate. Every implementation of DRM fails to prevent piracy.

ALL DRM punishes the consumer, making it difficult to do what you want with the product...often making piracy the better option. DRM pushes legitimate consumers away from legitimate purchases because of the onerous limits it puts on them...not to mention usage problems it frequently creates.

DRM costs manufacturers lots of money. They pass that cost on to the consumer. Granted that DRM has a 100% failure rate, that's a lot of money for ZERO effectiveness.

If anyone in the industry had any brains at all, they'd stop using DRM. If anyone in our government had any brains at all, DRM would be outlawed. At the very best...the VERY BEST...DRM is a scam funneling money into the pockets of DRM producers. How do you think you'd do, selling a product with a 100% failure rate?




RE: ...why?
By omnicronx on 12/31/10, Rating: 0
RE: ...why?
By omnicronx on 12/31/2010 9:56:09 AM , Rating: 3
quote:
Personally I don't see how MS could survive in the current mobile ecosystem without it. Developers will not take the new mobile OS seriously if it is rampant with piracy from the beginning
And yes I know that all major platforms have all been cracked in one way or another, but perception is a powerful thing.


RE: ...why?
By Motoman on 12/31/2010 10:16:46 AM , Rating: 1
...and just to separate perception from fact...

The fact is that DRM has a 100% failure rate. If there's any "perception" on the part of anyone that DRM helps in any way, at all, then they are quite simply disturbed.


RE: ...why?
By jtesoro on 12/31/2010 12:13:55 PM , Rating: 2
I haven't checked recently, but I thought Assassin's Creed 2 hasn't been successfully pirated yet.


RE: ...why?
By inighthawki on 12/31/2010 2:13:49 PM , Rating: 2
If by '2' you actually mean '2' and not 'Brotherhood' then 'recently' must really be 'the last year' because Skidrow cracked that quite a while ago


RE: ...why?
By jtesoro on 1/1/2011 11:08:21 PM , Rating: 2
Just looked again, and it's actually April 2010 when the crack came out (not sure if that's what you meant by 'last year' given that it's still 2010 on your post).

In any case, it must've been one hell of a job to make the crack given my understanding of the DRM scheme.


RE: ...why?
By inighthawki on 1/1/2011 11:31:43 PM , Rating: 2
It's called exaggerating, but it has been quite a long time. 8 Months might not be a year, but it's still a long way away from "recently"


RE: ...why?
By foolsgambit11 on 12/31/2010 5:53:03 PM , Rating: 2
DRM isn't just about preventing IP infringement, it's also about deterring IP infringement, and in that sense, it's moderately effective. While many of the people here may be able to bypass DRM schemes to save themselves some money, the majority of the population would rather just shell out the cash to buy a product. This is especially true on closed/semi-closed/proprietary systems that receive regular updates or access a network (game consoles, mobile phones, etc.), where the necessary modifications may prevent future updates from being available, cut off access to services (like XBox Live), or brick the device. Even if that doesn't usually happen, the threat that it may at some point occur is enough to deter many.


RE: ...why?
By inighthawki on 12/31/2010 6:02:09 PM , Rating: 2
That is less to do with DRM and more to do with the effect of piracy. Everything you said is JUST as effective if the only protection against piracy was a serial and/or simple cd check. The difficulty involved in circumventing a DRM protection has little to do with the deterrent factor of what will happen if you do.


RE: ...why?
By omnicronx on 1/1/2011 2:30:23 PM , Rating: 1
Fact is a powerful word.

Will most DRM schemes eventually be cracked? Sure..

Will DRM detect many from the illicit activies in the first place? Yes..

Whether or not the DRM is a failure is hardly dependent on whether or not the scheme is bypassed.

Correlation != Causation
Nor are your vague inferences fact.


RE: ...why?
By Motoman on 1/1/2011 4:51:09 PM , Rating: 4
quote:
Will most DRM schemes eventually be cracked? Sure..


Not most. All. Every DRM scheme that has ever existed has been cracked. It is irrational to expect that there will ever be an "uncrackable" DRM scheme in the future. Remember what the definition of insanity is...

quote:
Will DRM detect many from the illicit activies in the first place? Yes..


Assuming you meant "deter" instead of detect...maybe. But on the other hand, what that DRM will deter people from doing is buying the product/service at all. It's a double-whammy for the producer...not only does the DRM not prevent piracy, but it does prevent some people from buying the product/service altogether.

quote:
Whether or not the DRM is a failure is hardly dependent on whether or not the scheme is bypassed.


...what? The purpose of DRM is to prevent piracy. If it doesn't prevent piracy, it's a failure. If it further deters would-be consumers from buying the product/service, it's a superfailure.

quote:
Correlation != Causation


First intelligent thing you've said all day. Strange that you think that there's any reason to point that out here and now, though...unless you fundamentally misunderstand what's going on.

quote:
Nor are your vague inferences fact.


Vague inferences? It is an irrefutable fact that 100% of all DRM schemes has been defeated...and therefore do not prevent piracy, which is what they're supposed to do. That's not vague, and it's not an inference. DRM does limit what the consumer can do with the product/service - that also is neither vague nor an inference. Same applies to the fact that some forms of DRM can preclude the legitimate consumer from properly using their legitimately-purchased product/service anyway...and to the fact that DRM does deter some would-be legitimate consumers from buying said product/service...and to the fact that the DRM will push some of those would-be legitimate consumers to using a pirated version instead - since it would cause them less grief to do so.

None of that is vague, and none of it is an inference. All of it is happening, right now. And that is a fact.


RE: ...why?
By Motoman on 12/31/2010 10:15:13 AM , Rating: 5
quote:
Its not a terrible thing to know that what you are downloading comes from at least a semi secure source.


That has nothing to do with whether or not it's infected with DRM. Not in the slightest.

quote:
DRM in the current mobile space can actually help the consumer depending on the user.


No it can't. Not in any way...at all. There is absolutely nothing that the consumer gains from DRM. DRM is not a guarantee of quality software...or being malware-free. It's simply a guarantee that you're going to be treated as a criminal from the get-go...just becasue you might be...but if you were, the DRM wouldn't stop you anyway. DRM only punishes legitimate consumers.

quote:
While I do agree with your post if we were talking about the PC world, I don't agree one bit looking at the current mobile ecosystem.


Then you make no sense.


RE: ...why?
By BSquared on 12/31/2010 3:06:27 PM , Rating: 2
I thought the DRM in WM/WP apps was to discourage the copying of paid programs from the marketplace to other phones/WM/WP devices. I mean, the app only runs on that device until transferred through the marketplace...don't ask me why people are worried about a DRM model that basically mirrors Steam and other popular marketplace apps.

What I'm curious is, does that proof of concept program allow downloading of apps that aren't paid for to begin with, or just strips DRM from apps you've already purchased.


RE: ...why?
By omnicronx on 1/1/2011 2:24:29 PM , Rating: 2
You are clearly focusing on a single matter, as though the only function of DRM is to stop users from pirating which is clearly not the case.

If the masses really cared about all the things you mention, then why are people on all platforms buying up mobile software like no tomorrow?

You are not the entire consumer base, so please stop pretending as though you are the voice for everyone.

As a developer I can certainly see the advantage of a completely open environment, but I also see the advantage of a partially closed environment.

And really how are you punished with DRM in the mobile space? You can't use it on more than one machine at once? Which legally you are not allowed to do anyways? Desktop DRM is far more intrusive than what we currently have in the mobile space. In fact I've only ever come across issues when I'm trying to do something I was not suppose to be doing.. (i.e was trying out a piece of software on my jailbroken device)..

So please enlighten me, who is being punished here and how? What are you not being allowed to do? Anyone who cares knows how to bypass it, anyone who does not can sit in their walled garden pretending they are safe.

The fact remains MS had little choice here, developers are not going to stay with a new platform that is not protected, even if that protection is not as great as it seems. The fact that the DRM scheme itself will eventually be infective is completely irrelevant, without it they won't be in business.

Argue for what you believe in but please, use some common sense. Like it or not, its a requirement for a new platform these days as all existing platforms have employed some form of DRM.


RE: ...why?
By Motoman on 1/1/2011 5:03:13 PM , Rating: 2
quote:
If the masses really cared about all the things you mention, then why are people on all platforms buying up mobile software like no tomorrow?


Because people are stupid and don't think their actions through. They aren't paying attention, and they're not aware of what's going on.

quote:
You are not the entire consumer base, so please stop pretending as though you are the voice for everyone.


By pointing out these issues and discussing them in a public forum, I am elucidating said issues and perhaps turning on a few light bulbs in a few otherwise dim heads. And standing up for your rights and interests as a consumer is hardly an activity that should be shunned.

quote:
And really how are you punished with DRM in the mobile space?


Even if it was just the fact that you can't get and install applications from any source you want, that's enough. Stop pretending that to discount DRM is to promote piracy...it's not. It's about taking interest in your rights and privileges as a consumer.

quote:
i.e was trying out a piece of software on my jailbroken device


orly? And why would you have a jailbroken device? Shurely you're not trying to get around some kind of DRM...

quote:
So please enlighten me, who is being punished here and how? What are you not being allowed to do?


In the specific case of mobile device DRM, as noted above even if it was only the constraint of where you can get and install an app from, that's enough. There's probably more. Therefore, the "who" is every consumer of a DRMd mobile device, and the "how" is by constraints on what they can do with the device. Like choosing where to get applications from. Just one example. Which would be enough to protest about.

quote:
Anyone who cares knows how to bypass it, anyone who does not can sit in their walled garden pretending they are safe.


It's not OK to say "those who know how can bypass it" - because you shouldn't have to be a ha><or to be be able to use your device as you desire. It's also not OK to leave the unwashed masses in their walled garden without protest...they are being treated unfairly, regardless of how nice that garden might look.

quote:
The fact remains MS had little choice here, developers are not going to stay with a new platform that is not protected, even if that protection is not as great as it seems. The fact that the DRM scheme itself will eventually be infective is completely irrelevant, without it they won't be in business.


Developers will develop for a platform that is going to be popular. Like the web. Which isn't DRMd. If MS put out a platform without DRM, developers would develop content for it. It would be refreshing for someone to finally stand up and admit that DRM is an abject failure in every way, and refuse to arbitrarily limit what their consumers can do with their devices.

quote:
Argue for what you believe in but please, use some common sense. Like it or not, its a requirement for a new platform these days as all existing platforms have employed some form of DRM.


No, not it is not a requirement for a new platform to have DRM. To assert that it is is an abject display of ignorance and/or stupidity. DRM is anti-consumer, in every way, without recourse. DRM does not benefit the producer. Developers would develop for the MS platform whether it had DRM or not. Obviously you can argue for whatever you want to...but try to pick an arguement that's not so blatantly anti-consumer and nonsensical.


RE: ...why?
By Jrouss on 1/2/2011 9:47:45 AM , Rating: 2
Most consumer don't understand that DRM exists or what it does. That said I think DRM is being reffered to in terms that are to because it encompasses every kind of DRM. I personally don't care if a program needs a key to run. I do however care that I need to be online and have my activation validated and its status revalidated every time I use the program.

I have also seen and experienced cases in which DRM has totally screwed me. One example is a Windows XP system I was working on that I had to replace some hardware. This system never activated properly after I replaced the HD because it was an OEM system, all I did was fix a computer that had a legal copy of windows. FYI I understand the OEM license limitations, it doesn't make it right though. This example actually forced me to look at ways to bypass the activation because neither Dell or Microsoft cares. Another example is when I bought music that I could never listen to because it required online authentication. This happened when I was deployed overseas and did not have easy access to the internet. Come to think of it this was also Microsoft DRM for some wma files I bought with Music Match.

I am also not okay with the fact that many DRM schemes monitor and store data about usage and in some cases location. I don't know about anyone else but, shouldn't it be no ones business when I when I listen to a song I purchased? Really when did we accept this B.S. companies get us to buy their stuff, they spy on us and sell this data and then figure out ways to sell us more stuff.

Instead of the front door example I look at it like this. I buy a lawn mower and mow my lawn. No one monitors when I start the lawn mower nor do they own a key I need to start it. Now I understand that I can't copy my lawn mower and give it to my neighbor but I just don't see how MOST commonly used DRM is good for anyone but businesses.

An article I remember this article from a few years ago discussing this issue. BTW I do not file share nor do I think piracy is right.

http://www.p2pnet.net/story/13358


RE: ...why?
By lowsidex2 on 1/1/2011 2:43:48 PM , Rating: 2
DRM is the same and locking your front door... It keeps the honest people honest. If someone really wants in, they are going to get in, but does that stop you from locking your front door?

The same argument can be made for airport security, passwords on computers, locks on your car, combination to your locker.

It's not 100% effective but it's not 100% failure either. It limits access to those savvy enough and determined enough to break it (however I will agree its usually a pain for the legit user)


RE: ...why?
By inighthawki on 1/1/2011 6:43:36 PM , Rating: 2
There is a huge flaw in your analogies. Unlike a crack for DRM which needs to be cracked once then be widely distributed quite easily to anyone with an internet connection for free, such devices do not exist to simply "bypass a password", "unlock car doors", or "open combination locks" easily for free once one person has done it.


RE: ...why?
By Cullinaire on 1/1/2011 7:35:46 PM , Rating: 2
Nope, not really a flaw but a nitpick on your part. The reason is because "honest" (because it can also be "apathetic" or "lazy"...or sometimes truly honest too) people don't go around looking for cracks the moment they run into the DRM protection. They can be considered a significant percentage of the mobile app-using population.
Proof? Has iOS/Android failed not long after their cracks since nobody would be buying apps anymore? Haven't heard of such news.
The OP's point basically says those people (mentioned above) will be stopped at the DRM, because that would be the equivalent of them trying the door at a store that was closed for the night. If it's locked, they'll just come back the next day. But no harm in trying right?


RE: ...why?
By Motoman on 1/3/2011 10:46:51 AM , Rating: 2
Except that unauthorized people aren't supposed to go in your house. That's actually illegal - whether the door is locked or not.

DRM often causes you to not be able to use the product/service you bought in the manner in which it was intended to be used. So it could only be compared to a lock on your house door if said lock also randomly locked you, the homeowner, out too.


RE: ...why?
By smegz on 1/3/2011 1:38:08 PM , Rating: 2
http://www.dailytech.com/Android+Trojan+Let+Loose+...

That's why you want DRM and controls in your app markets.


RE: ...why?
By Motoman on 1/4/2011 1:03:13 PM , Rating: 2
No, that's why you want people to take responsibility for their devices...it's no different than the web in general, or the Windows application market - ultimately, no different than expecting people to know better than to trim their hedge with a lawnmower.

You can't regulate stupidity - morony always finds a way. However, there is no cause to punish the entire consumer base in a misguided attempt to protect the stupid from themselves.


If you don't like DRM.
By dark matter on 1/1/2011 12:54:29 PM , Rating: 2
Then do you leave your front door unlocked? Do you leave your car unlocked? Both can be broken into by a determined thief. After all, a lock only keeps out the honest.

Of course you don't. You put up with inconvenience of using an Alarm, when they don't stop you getting robbed. However, they do deter the casual thief.

And this is what DRM intends to do. If you don't like companies using DRM, then I expect you not to use an alarm or have a lock on your door or car. It's only fair.




RE: If you don't like DRM.
By Taft12 on 1/1/2011 10:03:54 PM , Rating: 2
Your analogy fails to take into account the hassle DRM creates for paying customers. In many cases the official product is INFERIOR to a pirated version. Case in point, PC games that require an active internet connection to play single-player mode. I'll take the DRM-free option please.


RE: If you don't like DRM.
By Bateluer on 1/2/2011 1:03:10 PM , Rating: 2
If your analogy was accurate, my house would only allow me entry 3 times. On the 4th time, I'd have to call MasterLock, navigate an automated phone system to confirm my identity, then wait a few days while they dispatched a rent-a-cop security technician to open the door for me.


RE: If you don't like DRM.
By adiposity on 1/3/2011 8:42:25 PM , Rating: 2
quote:
Then do you leave your front door unlocked? Do you leave your car unlocked? Both can be broken into by a determined thief. After all, a lock only keeps out the honest.


A personal lock is more analogous to having a password for your on-line account. Only you are meant to get in, and the password (to a certain extent) ensures this.

The electronic keys they give you at a hotel might better be compared to DRM. You are allowed limited access to a room, but that access can be revoked at any time. Also, you may get unlucky and "your" key doesn't work. While the hotel owner also wants to prevent theft, the electronic key allows him to control the length of the client's stay. Obviously, this analogy is imperfect, but is closer to DRM.

Therefore, whether I lock my house door has nothing to do with whether I agree with DRM. I lock my door to secure personal property, but I use DRM to control distribution of data, while simultaneously, deliberately allowing limited use of that data. It's the second part that makes DRM an issue: as a vendor you don't want consumers to have difficultly accessing a product they have paid for.

Unfortunately these analogies fail to deal with the fact that electronic piracy is largely invisible to the vendor and may not even be detrimental, while leaving hotel rooms unlocked is definitely not good for business.


XDA not Microsoft
By Flunk on 12/31/2010 9:46:10 AM , Rating: 3
The XDA-developers forum is not affiliated with Microsoft in any way. Microsoft's developer forum is called the App Hub




By jabberwolf on 12/31/2010 8:20:55 AM , Rating: 2
But something avavailable if you were able to get ahold of the account holders info on his/her machine.

The same goes for anything, keep your info safe and do NOT cache your account info.




Pay for the Apps
By Mitch101 on 12/31/2010 8:22:58 AM , Rating: 2
This is no different than your PC your getting to a degree what your paying for.

When you purchase the software from a reputable source you can pretty much expect its virus/spam/malware/bot free (Unless its real player or quicktime which to me are both).

If you get it through a torrent or other means then you cant guarantee it hasn't had any code changes and your relying on your Anti-Virus application to tell you if something is amiss.

Even if you made it $1.00 it will still be pirated but probably reduce that footprint of piracy. In some cases you really do get what you pay for.

On the flip side Ive paid for plenty of software that wasn't worth the disc it was printed on.




The only thing...
By BigToque on 1/1/2011 1:57:55 PM , Rating: 2
The only thing that any "app" should have is a checksum to verify that the app is genuine from the app store.

If I want to run "unofficial software" that could harm my user experience, that should be my choice. Hell, you could probably make a business out of repairing phones that have been damaged by malicious unofficial software.

If the apps I can get from your store are better then the competition, it's pretty much a given that I'll get them from your store. The biggest problem now is that quite often people will make free software that is better than what's being offered for money in the app stores.

Make users feel welcome and don't try to tell them what they can do. It's amazing how little business sense so many people in the business world seem to have...




I worry....
By damianrobertjones on 12/31/10, Rating: 0
"I mean, if you wanna break down someone's door, why don't you start with AT&T, for God sakes? They make your amazing phone unusable as a phone!" -- Jon Stewart on Apple and the iPhone

Related Articles













botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki