Posted on Wednesday, December 12 2012 @ 11:58 CET by Thomas De Maesschalck
Two weeks ago I already wrote about a tool that
enables the cracking of Windows 8 trial games and apps but this week the exploit got more notorious as Justin Angel, a Nokia engineer,
published on his blog how this security flaw in Windows 8 apps
enables users to turn trial versions into the full app and how to get in-app purchases without paying a cent. On top of that, Angel also explains he was able to hack himself a million in gold in Soulcraft THD, worth over $1,000, and eliminate ads from Minesweeper by editing XAML data files.
Angel says the problem is that Windows 8 stores encrypted data locally, along with the algorithm, a recipe for security incidents.
Using his technique, says Angel, it's possible to get free in-app purchases by modifying encrypted IsoStore files, get rid of in-game advertisements, unlock for-pay levels within games for free using script-injection techniques and extend free trial periods indefinitely.
"Trial apps will likely be adopted by around 50% of Windows 8 games. We've seen how the Trial licenses are stored in the Tokens.dat file and how easy it is to edit it," he says.
"The real problem here is that Trial apps are downloaded to the client machine with the full unlocked logic embedded in them."
In a forum post from November 29, Microsoft Windows Store Developer Solutions Team Manager Dan Reagan explains the Windows Store offers base piracy protection for all apps and
suggests developers should focus on writing more secure code.
