Related
I will not do anything with this, or publish how. But you can be assured the "warez" guys from that one site will figure this out within a day or so as well...
As most of you will know I am a software developer by trade, with some commercial offerings from my company.
And then there was Marketplace. For commercial devs, something nice to have. But if you have followed the news, the piracy protection for commercial developers is not much to speak of. See this document http://download.microsoft.com/downl...tplace for Mobile Anti-Piracy White Paper.pdf.
I will refrain from quoting the obvious mistakes in this document, if you give this thing a read, you will notice them soon enough. What it all comes down to is that there is no copy protection, not even at the advanced level, at least if they implement it in the way I interpret from reading that document.
So today I started up Marketplace and it worked. Hurrah. The current level of protection is making sure the CAB files are deleted upon install - which is obviously not a way to protect anything - but even this, I thought, should easily be circumventable.
Now, because I wanted to see how fast it could be done, I went with a hunch instead of doing any investigation. And that hunch worked like charm. It took me less than five minutes to circumvent this "protection", and get the ability to save the CABs the MarketPlace app downloads to a different folder. As the CAB file is the same for every downloader, you could just give this CAB you payed for out to all your friends.
Obviously I will not disclose the method, because that would be working against other commercial developers, and ultimately myself. It's just to let you know how ridiculously easy it is, and to give fair warning to those looking to sell apps on the Marketplace.
So, the moral of the story is... WTF MICROSOFT?
I know firsthand there is no such thing as perfect copy protection, but this is just plain ridiculous.
What we really need is for apps to be able to use our own copy protection schemes... you know, like the good web-based app stores out there.
EDIT: l3v5y has also succeeded in doing something similar, and it seems the WMPowerUser admin also found another easy way to do it... Yay, and it ain't even out yet!
Not even 12 hours after launch...that's pretty quick
Oh noes.... that's not good!
Imagine Microsoft reads this and decides to offset tomorrow's Marketplace launch...
Or even worse, Microsoft launches the Marketplace but developers decide not to submit their apps because they're concerned that their apps get pirated.
Thats what happens when devices aren't locked down.
That sounds bad, but it's really no different to how things are today. Perhaps there are some apps that have more security than either nothing or a serial key, but none that I use have anything more sophisticated.
Even as a developer myself, I'd easily take this over some DRMfest.
So, if I'm reading this correctly, when you buy something from marketplace it's not tied into your username with a password like most apps? Instead, you just buy it and it installs the app, but doesn't give you a cab? Yeah, I don't think it's that hard to work around that and get a cab for yourself. Some of the cheaper apps at Handango are like that. Can you re-download an app onto a new device or if you have to hard reset, and is it free or do you need to buy download protection like form Handango?
Good, copy protection pisses me off, all it does is piss of the genuine users. We have to deal with codes and activation to be legit, while people getting it free, just click here and there, copy a code here and huzah.
Copy protection doesnt work, someone will always find a way around it. Unless its linked to a windows live profile/xbox live profile. Which I can see probably happening when they bring out Zune on mobile phones, which sounds like it might be sooner rather than later!
I did something like this earlier... MS haven't quite got security done yet, though my guess is the iPhone is no better...
I'm really surprised by the lack of any drm; what's the point of signing in w/ one's Windows Live account? The easiest thing to do is to associate valid applications w/ one's Window's Live account. That's what itunes does for music at least (I don't know about apps as I don't have an iphone/ipod touch). Of course, what would happen is that an internet connection of some form is needed when the application is first installed, which could become inconvenient.
The truth of the matter is that the percentage or ratio of people who would bother to do this is pretty small. Most WinMo usersbarely even know how to setup e-mail not to mention install a cab file.
Most of the people in this forum already know how and where to get cracked apps or warez if they wanted too. I don't see this so called "flaw" as being an issue to MS or developers.
Must admit that I find it a bit worrying that your not able to make a backup of the applications you buy by taking a copy of the cab file somewhere safe.
After having sent back 4 HTC phones (two different models) in the last 10 months, and having an SD die on me I'd really like to know that I have a backup of anything I've paid for.
Can anyone confirm if its possible to reinstall something you've paid for through the Marketplace app if it gets removed from your phone, or you get another phone? ie if you log into Marketplace with the same Lice ID does it show apps that you've bought but which aren't on the phone your connected with?
If I look at an app that I have installed through Marketplace there is no install button anymore and Marketplace tells me that it is installed... so no obvious way to get the application back...
Not enough free apps on the UK store for me to mess about with really (have installed Shazam trial but don't want to risk uninstaling it just to see what happens).
-FM
fatmonk said:
Must admit that I find it a bit worrying that your not able to make a backup of the applications you buy by taking a copy of the cab file somewhere safe.
After having sent back 4 HTC phones (two different models) in the last 10 months, and having an SD die on me I'd really like to know that I have a backup of anything I've paid for.
Can anyone confirm if its possible to reinstall something you've paid for through the Marketplace app if it gets removed from your phone, or you get another phone? ie if you log into Marketplace with the same Lice ID does it show apps that you've bought but which aren't on the phone your connected with?
If I look at an app that I have installed through Marketplace there is no install button anymore and Marketplace tells me that it is installed... so no obvious way to get the application back...
Not enough free apps on the UK store for me to mess about with really (have installed Shazam trial but don't want to risk uninstaling it just to see what happens).
-FM
Click to expand...
Click to collapse
looks like it keeps track of all apps you purchased.
ow well, I guess it's a matter of time when there will be sites that point to all the cabs available on upload sites and stuff. Just like those sites exists for iphone/ipod (appulo.us for example)
I guess that's what happens when people see that there a lot of apps available on other country stores..
what do you think...
double post
thedicemaster said:
looks like it keeps track of all apps you purchased.
Click to expand...
Click to collapse
Hi dicemaster,
How did you try this? Uninstalling and reinstalling on the same phone or another phone? Or the same phone after a hard reboot / content erase?
I'm just interested to know from what state you can get back to your purchased applicationsand whether is purely your windows live id that connects you to your purchases or if there is some device specific stuff checked as well.
Cheers,
FM
Is there anything to stop Software Authors implementing (or continuing to use) their normal Serial number protection systems?
Looking at the Market Place, there are obviously some of the Big Names we all know and love, and I don't see why they would remove protection systems they have in place already, unless it was a MarketPlace requirement.
Personally, I can't say I'm at all impressed with the MarketPlace implementation - it heralds back to the early days of PocketPC. Maybe they're going for lowest common denominator hardware support, but frankly even the relatively poor Android marketplace on Hero is massively better. And the Appstore even more so. And I think Cydia tops most of them!
Let's hope that the MarketPlace at least drives prices down.
V
I am assuming it's more difficult then just going to \Windows\AppMgr\Install folder while the installer is running and copy the CAB file to another location. This is how I get the CAB files from PC only installers.
I personally use SKTracker a lot. I take a snapshot before, and then during the install and see what has changed. That generally tells me right where any install files/CABs are that I need to grab.
vijay555 said:
Is there anything to stop Software Authors implementing (or continuing to use) their normal Serial number protection systems?
Looking at the Market Place, there are obviously some of the Big Names we all know and love, and I don't see why they would remove protection systems they have in place already, unless it was a MarketPlace requirement.
Personally, I can't say I'm at all impressed with the MarketPlace implementation - it heralds back to the early days of PocketPC. Maybe they're going for lowest common denominator hardware support, but frankly even the relatively poor Android marketplace on Hero is massively better. And the Appstore even more so. And I think Cydia tops most of them!
Let's hope that the MarketPlace at least drives prices down.
V
Click to expand...
Click to collapse
Microsoft does not support your own serial systems. There is no information you can compare runtime vs purchases either, so you can't roll your own. Well ok, you DO actually have device ID information you could use, but that way purchasers can only run the application on the phone they actually bought it on. It is not clear how 're-download' information will be transmitted. If that also transmits a device id, then it is possible to roll your own, though it would be pretty nasty.
zim2323 said:
I am assuming it's more difficult then just going to \Windows\AppMgr\Install folder while the installer is running and copy the CAB file to another location. This is how I get the CAB files from PC only installers.
I personally use SKTracker a lot. I take a snapshot before, and then during the install and see what has changed. That generally tells me right where any install files/CABs are that I need to grab.
Click to expand...
Click to collapse
If you go to C:\Program Files\Microsoft ActiveSync on your PC, you'll probably find an archive of many things that you installed over active sync.
SK Tools is a good way to re-pack any installed programs into cabs. I would guess that it works with programs from Market Place.
good find bud..i sent it to engadget for ya
http://www.engadget.com/2009/10/08/dev-finds-windows-marketplace-drm-severely-lacking-easily-circu/
Sorry to apparently flout the warning about poking my noobish nose in to post about something non-ROM related, but since this is a development and hacking section, I figure I must be in the right place.
I've been googling and futzing around with build.prop to no avail, so I figure I should ask someone with a clue before I go and kill my install or even brick my phone, I dunno.
Is there any sort of hack on this file that tells Play what CPU/GPU/etc you have but also says, I'll be the judge of what's compatible, thanks?
Or is there some other method?
Maybe some folks have started a Play mirror on the sly...? Surely I'm one of millions who are cheesed off about not having any way around this silliness.
Two possibilities, right?
Either there's an answer, or this is an issue which deserves the attention of folks with the talent to address it.
Anyone care to give me a clue which it is?
Well, here's a workaround of sorts: try to find what you're after at mobile.brothersoft.com, where the site simply asks you what your phone is, and lets you save it wherever.
If you want to try another model, don't bother choosing a different one via the site's controls, because the initial drop-downs you identified your phone with are no longer available (instead you have to choose from pages and pages of poorly-identified entries, half of which are missing pics). Just delete your cookies for that site and choose again.
Play told me Google Goggles wouldn't work for some reason; I told the Brothersoft site my Galaxy Mini was a Pop 1559 (pretty similar as far as I can tell), downloaded the app, and bingo.
Now to have a look for all that other stuff Google told me wouldn't work...
...Actually, there's no need to tell the Brothersoft site any lies; it doesn't enforce Google's 'incompatibility' call, or even tell you about it.
Why did it take me so long to come across that joint after searching high and low for a fix? I tried enough angles... seems both obvious and obscure at the same time.
Hey there people. I'm completely new to android, well, I'm new to smartphones for that matter.
So right to the point. I want to make GTA 3 (or any REAL game ) work without wifi.
I live in a poorfag country, where it isn't really possible to get online without a contract phone. Not as a student...
I have an Xperia E1, got it yesterday, and managed to install a cracked gta 3 which runs butter smooth. But it has online authentication on launch, therefore I can't play at school, which kinda defeats the point of having the game on my phone.
(The version I got was a lone .apk from 4shared, which installed fine, then, when launched, connected via wi-fi and downloaded the files with a gta3 background pic. Was kinda slow, ~40 kb/s so I don't think it was from the play store.)
Phone isn't rooted, can't find that many results to say it's 100% safe and un-doable to go on with it. Can't afford a new one if bricked.
Someone suggested launching the game at home, then 'alt-tabbing' out of it, move away/turn off wi-fi and play, but after a while it checks for connection again and gives the "Data connection unavailable" screen.
I saw someone on these forums talking about how you could disassemble the apk and remove authentication, or just change it's value to 'true' whether there's wi-fi or not. I'm willing to do *almost* whatever it takes to do that. Does anyone know how to do it ? Where do I start?
I saw apk disassembly programs for rooted phones, but can't you already do that on a PC without having to root your phone ?
Point me to any direction, just help me please.:crying:
Search!You have your answer on google!
Sent from USS Intrepid NCC-1631
dragoi90 said:
Search!You have your answer on google!
Sent from USS Intrepid NCC-1631
Click to expand...
Click to collapse
Really ? It's that easy for you ?Then why don't you write it down for me ?
I've been searching on google for 2 days!
I've found a Fake Wi-fi connection app, which is not a solution to my problem
and an XDA thread about people wanting to do this kind of stuff, but none try.
It seems that everyone is just fine with games that need constant wi-fi connection, even though they have ZERO online elements.
neverhangover said:
Hey there people. I'm completely new to android, well, I'm new to smartphones for that matter.
So right to the point. I want to make GTA 3 (or any REAL game ) work without wifi.
I live in a poorfag country, where it isn't really possible to get online without a contract phone. Not as a student...
I have an Xperia E1, got it yesterday, and managed to install a cracked gta 3 which runs butter smooth. But it has online authentication on launch, therefore I can't play at school, which kinda defeats the point of having the game on my phone.
(The version I got was a lone .apk from 4shared, which installed fine, then, when launched, connected via wi-fi and downloaded the files with a gta3 background pic. Was kinda slow, ~40 kb/s so I don't think it was from the play store.)
Phone isn't rooted, can't find that many results to say it's 100% safe and un-doable to go on with it. Can't afford a new one if bricked.
Someone suggested launching the game at home, then 'alt-tabbing' out of it, move away/turn off wi-fi and play, but after a while it checks for connection again and gives the "Data connection unavailable" screen.
I saw someone on these forums talking about how you could disassemble the apk and remove authentication, or just change it's value to 'true' whether there's wi-fi or not. I'm willing to do *almost* whatever it takes to do that. Does anyone know how to do it ? Where do I start?
I saw apk disassembly programs for rooted phones, but can't you already do that on a PC without having to root your phone ?
Point me to any direction, just help me please.:crying:
Click to expand...
Click to collapse
I don't think you're gonna get much help here about further cracking an already-cracked paid game... Something about rules and warez [emoji6] That authentication is there for a reason
I've got the exact same game... With the exception that i paid a wallet-draining 99¢ for it on the Play Store. Sorry if that's not the answer you were looking for
Surj138 said:
I don't think you're gonna get much help here about further cracking an already-cracked paid game... Something about rules and warez [emoji6] That authentication is there for a reason
I've got the exact same game... With the exception that i paid a wallet-draining 99¢ for it on the Play Store. Sorry if that's not the answer you were looking for
Click to expand...
Click to collapse
Please don't take me for an evil pirate who's main purpose is to crack all the games. My first intentions were to buy the game and be done with it, after that I heard that it has authentication, which requires a contract phone with constant internet access, which I don't have.
Not saying I don't pirate movies or music, but I have 24 games in my steam library right now, most of them got paid for, I also own BF3 Premium. DRM doesn't break the game on PC, as most people have wifi/internet at home in 2014, but not on the go. If play store removed DRM, I would not necessarily need piracy to achieve my goal.
Anyway, finally found an actual offline version, but it was extremely hard to find.
neverhangover said:
Please don't take me for an evil pirate who's main purpose is to crack all the games. My first intentions were to buy the game and be done with it, after that I heard that it has authentication, which requires a contract phone with constant internet access, which I don't have.
Not saying I don't pirate movies or music, but I have 24 games in my steam library right now, most of them got paid for, I also own BF3 Premium. DRM doesn't break the game on PC, as most people have wifi/internet at home in 2014, but not on the go. If play store removed DRM, I would not necessarily need piracy to achieve my goal.
Anyway, finally found an actual offline version, but it was extremely hard to find.
Click to expand...
Click to collapse
Well I've been playing it on airplane mode for a while now, and not once has it stopped me due to a lack of internet connection. I'm guessing it just needs the web connection to authenticate the license once.
I'm not saying you're an evil person, but the intention of this thread was for you to figure out how to play a pirated paid game without paying for it, bottom line... And that's against the rules here.
Is your phone rooted?
gta 3 aulthough can be offline? not?
neverhangover said:
Please don't take me for an evil pirate who's main purpose is to crack all the games. My first intentions were to buy the game and be done with it, after that I heard that it has authentication, which requires a contract phone with constant internet access, which I don't have.
Not saying I don't pirate movies or music, but I have 24 games in my steam library right now, most of them got paid for, I also own BF3 Premium. DRM doesn't break the game on PC, as most people have wifi/internet at home in 2014, but not on the go. If play store removed DRM, I would not necessarily need piracy to achieve my goal.
Anyway, finally found an actual offline version, but it was extremely hard to find.
Click to expand...
Click to collapse
Not having an internet connection is no excuse to avoid payment of software. The authentication method is one way of stopping people ripping off software, so discussions on its removal are forbidden on XDA.
XDA supports developers, show some respect for the work that's been put into software and purchase it!
Thread Closed
For a while now I've been like many other drivers, constantly fighting the urge to respond to every beep, blip and flashing light on my phone while driving. Working in IT, I have an "on call" position, and I've found that the urge to respond to every alert, IM and email I get is hard to resist despite my best intentions. More and more, I find I have to force myself to keep my eyes on the road, and not on whatever fan or cpu alert has popped up in the data center. I keep having to tell myself "it can wait til I get there".
So I had an idea for an app that would fix this problem once and for all. Basically, it would use GPS to detect movement and any time it went past a set speed, say 10 MPH it would instantly lock your phone to a non interactive screen and block all alerts, possibly even sending automated responses like "Can't talk now, I'm on the road. I'll contact you when I get there". Brilliant. Simple. Safe.
So after doing a little digging, it looks like a European Car Insurance company, Esure (not to be confused with eSurance here in the US) created EXACTLY that app. It's called DriveOFF, and the last known iterations of which seem to have disappeared from the play store about 2 years ago. What I can't figure out is why every trace of the app seems to have been eradicated from the face of the planet. It's been removed from the Play Store, and I can't even find it as an .apk download on any of the shady app sites floating around the web. I guess there's not a whole lot of demand for apps that make your safer among the seedy, side of the Internet with questionable legality. But as far as I can tell, DriveOFF somehow violated Google's design criteria and thus was pulled from the Play Store. If that is the case, it really is a shame that a legal loophole has destroyed an app that should (in my honest opinion) be the STANDARD behavior for all smart phones, period. On the other hand, I know that when I am driving, if I see a billboard or something that catches my attention, I'm frequently tempted to Google it. I'd hate to even consider that Google would place more value on ad revenue generated by reckless driving than on the health and safety of it's users. But that certainly is worth consideration...
So, I am BEGGING. If ANYONE happens to have this app or knows where I can still get it, please feel free to contact me.
EDIT:
Okay, so after doing some more digging I was able to find that the app was in fact available on the app store perhaps as recently as January of 2014. It seems as though the rights to the app were handed over from the Esure Insurance Company to a non-profit organization based out of Surrey, UK called "Safe Drive, Stay Alive" or "safedrivesurrey.org"
http://www.esure.com/media_centre/safe_drive_stay_alive.html
I've contacted both Esure and Safedrive in order to try and track this app down.
I've never really used many of Googles apps and services and more specifically given it all the permissions for which it's asked. I decided for no particular reason other than morbid curiosity to go all in this time; give it everything, partake of every privacy smashing feature. So far I'm not really finding the phone experience to be different than when I blocked many of those features.
This had me curious, just how Goog is everyone else going with their phones? I don't want this to devolve into a privacy debate so please leave that for another thread. I'm interested in how Goog folks are going and if they feel the benefits are worthwhile to them.
I've never opted out of anything when I get a new Google device, or even on Chrome from that matter. And even when I get a prompt to opt in to something they ask to help development, or to better my experience I always say yes. I've been doing this since the Nexus One. I'm deep into the Google ecosystem. I use all Google products for everything I can think of (barring OS as I use Windows 10, and not Chrome OS). I've never had any privacy or security issues with Google having all my info, and I'm not worried about it in the slightest. They have millions of subscribers/customers. I'm sure they're not worried about any one individual's info. Anyway I know you said you don't want to get into the privacy/security aspect of it, and neither do it, but I just wanted to throw in my experience with opting in to everything.
Let Google be Google! Seriously though it's not like they track you like spies lol, you'll enjoy the little things that make Google different. Location based stuff mainly
I'm not noting much difference; I'd say none if given more time and I didn't notice some helpful feature between here and whenever I decide to call the experiment. And yeah, Bobby, it is kind of a fine line, privacy is a worthy topic but not the purpose of this thread. I'm just curious if people do go all in or not and if so if they find it beneficial. In other words I was wondering how many go full Goog and if so was it worth it to give Goog the works because of some benefit I haven't yet surfaced. Start talking about privacy,security, that sort of thing, the thread is as good as dead.
I like to use as many Google apps or services as I can. They're usually pretty handy and allow me to get the most out of my phone. This is supposed to be a Google phone, so why not use Google's stuff instead of third party apps? If my data gets leaked then I could always join a class action lawsuit with the others that were affected.
The only annoying thing I've found with signing up for every Google service is pretty much anything I search for on Google shows up in my Google Now feed. For example, if I search for barbershops in my area or ask Google Assistant to find me the nearest one I'll get a few cards in my Google Now feed the next morning related to hair cutting or the latest hair styles. They assume that I'm interested in that stuff and want more info, but in reality I could care less. I just wanted a damn haircut... To avoid this I've been doing all of my searching in an incognito window. I can't turn off search history because if I do I can't use Google Now or Google Assistant
Face_Plant said:
The only annoying thing I've found with signing up for every Google service is pretty much anything I search for on Google shows up in my Google Now feed. For example, if I search for barbershops in my area or ask Google Assistant to find me the nearest one I'll get a few cards in my Google Now feed the next morning related to hair cutting or the latest hair styles. They assume that I'm interested in that stuff and want more info, but in reality I could care less. I just wanted a damn haircut... To avoid this I've been doing all of my searching in an incognito window. I can't turn off search history because if I do I can't use Google Now or Google Assistant
Click to expand...
Click to collapse
This exactly!
My wife is always being lazy and asking me to search for something for her (while she's holding her phone!) and she doesn't understand why I hate doing it. It's because I don't want to fill my google feed and advertising ID with info on her (very feminine) interests.