"How to hack" Windows 8 app article posted by Nokia employee

No game developer wants to hear that their new Windows 8 game in the Windows Store can be hacked into quickly so the user can get the game for free or get in-game purchases for no money. Yet, that's exactly what a Nokia employee, Justin Angel, claims to have come up with in a new article on his personal website.

The article, "Hacking Windows 8 Games", goes into detail on how users can get free in-game "gold" from the action-RPG game SoulCraft, along with ways to turn the free trial version of a game into the full version with no payment. Angel also shows how to remove the in-app banner ads that show up inside many Windows 8 "Metro" apps. Indeed, Angel says that his methods can be used with regular Windows 8 apps in addition to games.

Angel adds at the end of his article:

We’ve seen a myriad of issues and offered potential fixes to them all. Any mildly competent developer can productize these security attack vectors into shipping products. If Microsoft doesn’t take it upon itself to fix these security attack vectors, it’s not because it couldn’t, it’s because it chooses not to.

The site was live while we were writing this news post, but Justin Angel's entire website has since been taken down. We have emailed Microsoft and Nokia to see if they wish to respond to Angel's article. A Nokia rep has already emailed us back saying they "are looking into it."

Source: Justin Angel | Image via Justin Angel


Lazy developer, he just serialized an object in XML and called it a day. I do that, but only when the information is not so important.

It's great this article skips over the fact that the reason he was doing this was to give application developers methods and ways to PREVENT people from hacking their applications, by showing common attack vectors and giving explicit solutions to those problems. It wasn't just "here's how to get free apps", nor was it targeted at those types of people.

This guy used to be a program manager of the Silverlight team at Microsoft, and I think he is a tad butt hurt that Silverlight is pretty much toast.

I don't think this imbecile got the memo that if you have access to memory and files, any app or piece of software can and will be cracked. Even if you use the highest encryption you can ever use, the decryption routine will always happen, and every machine instruction can be followed.

Windows PCs don't have the leisure of having encryption keys buried deep inside a sub-0.1-micron piece of silicon. That's actually the deterrent to hackers from hacking devices like iPhones, PS3s, Xbox 360s, etc. Once an exploit is found that enables us to modify memory, that automatically means that the device is cracked, because finding these protection routines in software is actually the easiest part.

Many developers employ anti-debugger routines and other reverse-engineering countermeasures in order to prevent this. Yes, it will be cracked eventually, but it takes much longer. Some people have given up on some apps, indicating it wasn't possible with them.

Anti-debugger routines? What is this, 1996? It doesn't matter what kind of anti-debugger routines you employ, they are easily bypassed in a few seconds, because 1. all the anti-debugging routines have already been figured out by now, 2. you don't even need a debugger, and 3. you can debug with a virtual machine, which is transparent to the OS you have running.

If a person attempted to crack a piece of software and couldn't, then they are not that talented to begin with. Give any reverser access to memory and the bits of an application, and you can consider it automatically cracked, no ifs, ands, or buts.

You can obfuscate as much as you want, but bright reversers read code like they read their native language.

vcfan said,
Anti-debugger routines? What is this, 1996? It doesn't matter what kind of anti-debugger routines you employ, they are easily bypassed in a few seconds, because 1. all the anti-debugging routines have already been figured out by now, 2. you don't even need a debugger, and 3. you can debug with a virtual machine, which is transparent to the OS you have running.

If a person attempted to crack a piece of software and couldn't, then they are not that talented to begin with. Give any reverser access to memory and the bits of an application, and you can consider it automatically cracked, no ifs, ands, or buts.

You can obfuscate as much as you want, but bright reversers read code like they read their native language.


Strange, I can't remember the names, but there have been a few games in the past that have not been hacked for months after release. I guess it can still work.
Of course, all you need is time and dedication; everything that can be accessed can be hacked or cracked.
Especially when you have all the files required locally.

Well they can, but since all the actual game content is stored server-side (i.e. scripts, maps, etc.), then you just get an empty world. Then someone needs to create a server emulator and create a new story and world for the game.

Heh! Essential and private values in an XML, what a way to protect data :-P
Somewhere the username and password fields must be found, if there are any :-D

Umm, per the article, the data is encrypted. The problem is that the apps are not validating the data when it loads to make sure it hasn't been tampered with. Some files are not validated, but the key ones like licensing and in-game data aren't. Also, there is a lack of anti-debugging facilities in some apps (Cut the Rope in the case of the article).

NeoPogo said,
I thought Nokia and Microsoft were allies, guess not.

Not since the announcement of Surface which might be competing with something they are brewing up?

This is bull****. Any piece of software, and I mean ANY, can be modified and hacked and transformed into something else and be made to work without paying or whatever. Though I do agree that having the encryption as well as the key next to each other isn't a very smart thing to do.

Vlad Dudau said,
This is bull****. Any piece of software, and I mean ANY, can be modified and hacked and transformed into something else and be made to work without paying or whatever. Though I do agree that having the encryption as well as the key next to each other isn't a very smart thing to do.

It just seems too trivial. And a trivial method that can work in many apps is just embarrassing for the future of the Windows Store.

As a developer, modifying an XML document (the plaintext document seen above) is a lot simpler than modifying the binary code of an existing application. Both can be done with direct access, but modifying plaintext is always going to be trivial in comparison.

In fact, it's so trivial that I wouldn't really call it hacking. It's just abusing the fact that Windows 8 apps, like iOS apps, are really wrappers (effectively folders) that contain the actual binary executable file(s) and configuration file(s). This is also the extent of their sandbox.

The problem with encrypting the files is that you cannot really encrypt the file because the decryption key would have to be stored on the same computer and used to unlock the file, which could be intercepted by any nefarious user with only a little more work.

This will always be the problem with storing files local to the user rather than validating over the web, which itself is interceptable by even more advanced users. It's extremely easy to say that either Microsoft, or even Apple, should fix the problem, but it's not even remotely a simple problem to fix. With direct access comes a lot of power, and that power is going to be hard to overcome.

Without the whole entry from Angel, it sounds an awful lot like a lot of developers that I know: stating something is bad and that it's easy to fix without actually providing any solution whatsoever. Easier said than done.
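The load-time validation that the comments above ask for (checking that a locally stored XML save has not been edited before trusting it), as an added example that is not code from the article, from Angel's post, or from any app it names. The app key, the save format and all values are constructed for this example; as the comment above notes, a key that ships inside the package can be recovered by anyone with file access, so this only stops plaintext editing and does not replace server-side checks.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET
from typing import Optional

# Constructed key for the example. A key embedded in the app package can be
# extracted by anyone with access to the files, so this check raises the bar
# against hand-editing the XML; purchases still need server-side validation.
APP_KEY = b"example-app-key-not-a-real-secret"


def _canonical(root: ET.Element) -> bytes:
    """Deterministic byte encoding of the save fields (everything except <mac>)."""
    fields = sorted((c.tag, c.text or "") for c in root if c.tag != "mac")
    return "\n".join(f"{tag}={text}" for tag, text in fields).encode()


def write_save(gold: int, level: int) -> bytes:
    """Serialize player state to XML and attach an HMAC-SHA256 over the fields."""
    root = ET.Element("save")
    ET.SubElement(root, "gold").text = str(gold)
    ET.SubElement(root, "level").text = str(level)
    mac = hmac.new(APP_KEY, _canonical(root), hashlib.sha256).hexdigest()
    ET.SubElement(root, "mac").text = mac
    return ET.tostring(root)


def load_save(data: bytes) -> Optional[dict]:
    """Parse a save file; return its fields only if the HMAC verifies."""
    root = ET.fromstring(data)
    mac_el = root.find("mac")
    if mac_el is None or not mac_el.text:
        return None  # unsigned file: treat as tampered
    expected = hmac.new(APP_KEY, _canonical(root), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, mac_el.text):
        return None  # fields were edited after signing
    return {c.tag: c.text for c in root if c.tag != "mac"}


if __name__ == "__main__":
    saved = write_save(gold=100, level=3)
    print(load_save(saved))  # {'gold': '100', 'level': '3'}
    # Hand-edit the plaintext XML the way the article describes.
    edited = saved.replace(b"<gold>100</gold>", b"<gold>999999</gold>")
    print(load_save(edited))  # None: tampering detected
```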

@bigmehdi : Did you say the same thing when a few months ago someone found a way to download paid apps without paying from the Apple app store? Probably not, seeing how you're one of the lardiest pro-Apple hypocrites to walk planet earth.

That flaw was patched soon after news got around, as will this.

Well, the issue is that "cracking" looks accessible to the average guy.
I know there is no software that cannot be cracked.
But if you put a safety lock on your door, that's not for nothing.

pickypg said,
As a developer, modifying an XML document (the plaintext document seen above) is a lot simpler than modifying the binary code of an existing application. Both can be done with direct access, but modifying plaintext is always going to be trivial in comparison.

In fact, it's so trivial that I wouldn't really call it hacking. It's just abusing the fact that Windows 8 apps, like iOS apps, are really wrappers (effectively folders) that contain the actual binary executable file(s) and configuration file(s). This is also the extent of their sandbox.

The problem with encrypting the files is that you cannot really encrypt the file because the decryption key would have to be stored on the same computer and used to unlock the file, which could be intercepted by any nefarious user with only a little more work.

This will always be the problem with storing files local to the user rather than validating over the web, which itself is interceptable by even more advanced users. It's extremely easy to say that either Microsoft, or even Apple, should fix the problem, but it's not even remotely a simple problem to fix. With direct access comes a lot of power, and that power is going to be hard to overcome.

Without the whole entry from Angel, it sounds an awful lot like a lot of developers that I know: stating something is bad and that it's easy to fix without actually providing any solution whatsoever. Easier said than done.

Thanks for that explanation.