Windows Phone 7 marketplace "hacked," but not really

A post over on the XDA-Developers forum claims that the user has discovered a massive flaw in the Windows Phone 7 marketplace that allows anyone to download the entire Windows Phone 7 marketplace in XAP form, and install these on your phone using a series of hacks. While the read is interesting, the poster also claims that the protected applications in the marketplace should be able to be unlocked.

The process of the "hack" is outlined as:

  1. Downloading the entire marketplace using a C# code snippet that was provided
  2. Circumventing the maximum application sideload limit, which was originally outlined on WithinWindows
  3. Enabling deployment of the disabled XAP files by deleting a file header inside the XAP "Zip" itself
  4. Activating the disabled marketplace XAP by replacing an entry assemly (the example used an open source app which had the debug assembly freely available
  5. Removing the XAP's security signatures
  6. Replacing the marketplace published entry assembly with a facade debug assembly

The poster requests that users on the forums create a torrent of the entire marketplace worth of XAP files, and make this available so people can begin hacking, as well as asking for help to create tools to remove the header files, and replacing the entry assembly.

While this is a long winded process, it seems to work for applications which have freely available code online, but the technique requires a large amount of work before it will be able to be used on any actual commercial applications. To complete this process, the "hacker" had to have code available to him to be able to circumvent the locks, and otherwise would not have been able to perform the process. On top of this, the user must have a copy of Visual Studio 2010, and an unlocked Windows Phone device.

Developers can sleep safe knowing that right now, these tasks have not been completed, and piracy is harder right now on Windows Phone 7 than any other mobile platform. Sure, the XAP files can be downloaded, but are disabled until parts of the code is publically made available.

Update: The original post was removed from Xda-Developers, with moderators saying that the forum does not condone piracy.

Report a problem with article
Previous Story

Microsoft beats out Apple for top technology innovator of 2010

Next Story

RIM reportedly thought original iPhone impossible

16 Comments

Commenting is disabled on this article.

condone privacy? I think it's piracy you mean?

BTW, unlocking/rooting/s-off/jailbreaking a phone isn't piracy. Creating rom and flashing them isn't too. Problem start when people start adding paid software into rom that doesn't require to paid for afterward (like adding setcpu pro for exemple). No rom on XDA follow this bad behavior, specially that most of them are android and simply tweak the original rom, updates and al.

Nodiaque said,
No rom on XDA follow this bad behavior

I know XDA is good site, and I was glad to see that they removed the post. Sad thing is the dev will probably just move to another venue .

Nodiaque said,
*snip* (like adding setcpu pro for exemple) *snip*

The SetCPU in the market for $2 is the one given out for free on xda... There is no setcpu pro.

Its one thing to pirate games from big companies its another to pirate from indie developers. Its kinda like your stealing from poor, indie developers are like any of us here your stealing from people that don't have much of anything, karma will bite these guys in the ass.

Owen Williams said,
To complete this process, the "hacker" had to have code available to him to be able to circumvent the locks, and otherwise would not have been able to perform the process. On top of this, the user must have a copy of Visual Studio 2010, and an unlocked Windows Phone device.

I don't know much about WP7 apps, but if the code is anything like the .NET framework code for the Desktop (managed code instead of native code), obtaining the source code from the XAP file should be a trivial task.
Visual Studio 2010 - Anyone could get it if they know where to look.
Unlocked WP7 - I remember reading that the Chevron hack was available somehow in the XDA forums, I could be wrong though. If so, doesn't that condone privacy in some way?

Your right its not hard to use reflector on a .NET app and get the source code for it. The problem is MS requires developers to use the same DRM protection scheme on ALL apps. To hack passed the trial mode check opening a win7 app in reflector and looking for "Guide.IsTrialMode" and simply removing that check will let the app run as if you bought it.

Its just sad as I said before people are stealing from indie developers rather than big game companies. So really if you pirate a WinPhone 7 game, your really stealing from people that don't have a lot and really are using this as a extra source on income. Its really damn sad and pathetic.

Oh come on! It's like all the cooked ROMs and stuff the site hosts aren't illegal or something..

The thing is one.. CENSORSHIP

The ROMs aren't illegal, for the most part. XDA is largely android based with ROM cookers using the Google provided source to compile their own ROMs. Perfectly fine

efthlouk said,
Oh come on! It's like all the cooked ROMs and stuff the site hosts aren't illegal or something..

The thing is one.. CENSORSHIP


NOTHING in the XDA ROMs are illegal. Microsoft asked XDA to remove 6.5 ROMS, they (XDA) contacted MS, and both parties came to a agreement that there was nothing illegal about what XDA was hosting/releasing.

Hollow.Droid said,
The ROMs aren't illegal, for the most part. XDA is largely android based with ROM cookers using the Google provided source to compile their own ROMs. Perfectly fine

lolwut.
Do you know what XDA is? It's what HTC phones were called years ago.
Do you know what OS they ran? Windows Mobile.
Android is only a couple of years old and is now a large part of XDA-Devs but WM was the reason it became popular.

As stated by aftas, the ROMs themselves aren't illegal, especially on XDA-Devs. There have been ROMs pulled and chefs banned in the past few years I have been a member simply due to not mentioning the creator of free apps. Generally as soon as warez appears it gets deleted and the poster warned straight away.

Mobilism (PPCWarez) on the other hand... then again they seem to have died