Apparently phone hackers don't take a break over the Christmas period. Just over 24 hours ago, we reported that someone claimed that the Windows Phone 7 marketplace had been hacked, almost.
The long winded method needed work and required a lot of manual intervention, and now it appears that a proof of concept tool has emerged that completes the process, as well as making it fully automated from beginning to end. That was fast.
WPCentral reports that they have seen the tool in action. Created by a "white hat" developer, the application is called "FreeMarketplace" and performs the original steps outlined in the whitepaper by;
- Downloading the entire marketplace using a C# code snippet that was provided
- Circumventing the maximum application sideload limit, which was originally outlined on WithinWindows
- Enabling deployment of the disabled XAP files by deleting a file header inside the XAP "Zip" itself
- Activating the disabled marketplace XAP by replacing an entry assemly (the example used an open source app which had the debug assembly freely available
- Removing the XAP's security signatures
- Replacing the marketplace published entry assembly with a facade debug assembly
You can even see the tool in action for yourself, in a video that shows off how it works below.
Microsoft was contacted about the breach, and WPCentral are working with Microsoft to address the issue. Right now, other than this video there aren't many more details about how the hack works, or how the application was built so quickly.