piracy | Windows Central

Expert analysis

Don't miss our uber in-depth Creators Update review

Continuum vs Dex

Samsung 'DeX' is its own Continuum, complete with Microsoft Office

Window(s) to your world

Which version of Windows do you use?

History is the best teacher

Microsoft better not market 'Surface phone' like it marketed Windows phones

950 XL > x3 ?

Is HP's Elite x3 tough enough to overtake the Lumia 950 XL? Not exactly ...


Leaked Upgrade Advisor app lets you install the Creators Update now

All dem pixels

How many pixels are you pushing when you game on your PC?

Ultimate power

Razer Blade Pro 2017 nabs THX certification and an overclockable CPU

Better safe than sorry

Don't trust the cloud with your data, encrypt it before uploading


Windows Central Podcast 42: RTM is here

Make up or break up?

Does Microsoft even care about Windows phone users anymore?

Lightweight powerhouse

Review: Samsung Notebook 9 just might be the best 15-inch Ultrabook

Pour it on

What are your biggest complaints about Windows 10?

Surface Cloud Book instead?

Microsoft may not announce a Surface Book 2 at rumored Spring event

Security Tip

Prevent users from seeing your files by hiding a drive on Windows 10

10 > 8.1

Now's the time for Microsoft to push Windows 10 Mobile to eligible devices

Deal alert

Unlimited calls, text and 10GB of 4G LTE data for $20 per month

Into the fold

Another foldable mobile patent hints at Surface Phone form factor

Memories o' Ballmer

Happy birthday, Steve! These are our favorite Ballmer moments


We're revamping our Developer Program for 2017!

< >

Shop: Surface Studio | New Surface Book | Xbox One S Bundles | NEW Dell XPS 13"


This is one of those Windows Phone 8.1 changes that will only affect like 0.1% of you, though it’s still interesting if you’re into security and what may be best described as piracy.

Last summer, we ran a controversial story about how to install OEM exclusive apps to your Windows Phone. Those apps are always ‘free’ though they are in theory subsidized by your purchase of that OEM’s phone. There was a method used where you can spoof your Nokia Lumia to look like a Samsung one, or vice versa.

More →

Software piracy is a serious battle, which can also affect our beloved platform developers. Microsoft has taken action by automatically applying encryption to all apps through the newly unveiled Dev Center. According to a detailed post on the Windows Phone Developer Blog, Todd Brix states that all apps (including those already submitted) are automatically encrypted without user input.

We first heard about the possibility of server-side encryption back in November, 2011. From our understanding, Microsoft was waiting until everyone was on Mango to implement that feature and it now looks to have happened. If you recall, at the end of April Microsoft decreed that you had to have Windows Phone 7.5 to get to the Marketplace. Combined with the Dev Center refresh, we think that transition for encryption is now complete.

More →

An interesting thing happened yesterday that we chose to not cover in detail. In short, someone published an app to the Windows Phone Marketplace that was pirated. Specifically it was a favorite GPS navigation app that cost a good amount of money.  The person responsible presumably ripped the original XAP from the Marketplace and simply re-submitted it, pawning it off as their own.

Did they try to make money from it? Nope, they did something possibly worse--they offered it for free.

More →

In an interesting article at Ars Technica, they discuss the brief history of Chevron WP7, homebrew and piracy with regards to Windows Phone 7. Most of it is par for our readers, with nothing to substantial as far as history.

But there was a real interesting section regarding piracy, encryption and what Microsoft is doing to prevent theft of developers' software:

"Those piracy concerns are still an issue. It's possible to download application packages from Microsoft's servers and install them onto a developer unlocked phone without actually buying them.

That will change. Windows Phone 7.5 "Mango" includes support for a new kind of encrypted package that should rule out this kind of piracy. Microsoft is waiting to ensure that a high enough proportion of users have upgraded to Mango before throwing the switch and using these encrypted packages, however."

This is the first we heard of any XAP encryption that would seemingly prevent users from sideloading illegally downloaded XAPs from Microsoft's servers (something we first demonstrated back in December). The idea is certainly a welcome one and from that detail about Microsoft waiting to throw the switch, this seems to be all on their-end.  That means devs won't have to do anything different in their XAP preparation and submission to the Marketplace.

Of course devs could presumably still release their XAPs directly e.g. for the homebrew community without encryption, much like they do now. But for companies like Nokia, who may be a tad irritated that their Music and Maps apps have been ripped, this could be very welcome news.

Source: Ars Technica

More →

A day later after we posted the "proof of concept" (PoC) video demonstrating how easy it is to defeat Windows Phone app protection, the discussion is starting to head into another direction: from criticism to potential solution. FreeMarketplace may only be 65.5kb in size (seriously), but its ability to freely circumvent the weak DRM of all 4k+ paid apps in the Marketplace with a single mouse-click is a real concern.

While we're confident Microsoft has something in the works to right this problem (though nothing is confirmed), developers may be able to take some  matters into their own hand to better improve app security.

Tobias, the developer of FreeMarketplace, has what he thinks is a method to slow down potential pirates. What makes FreeMarketplace so dangerous is the automation--no mid-level "cracker" is needed to go into each and every app to defeat DRM, which is how the majority of app piracy has to proceed (see iOS). That's because DRM in the Windows Phone Marketplace is the same for every app, making an automated system-wide app cracker feasible:

The code and the guides I gave you here will not stop piracy. Anyone with the corresponding skills can still startup reflector, go through your code, remove any checkes, remove DRM and install it on a device. YES, but it got a lot more difficult to do it in an automated fashion. So, there might be one or two who can still break your security measures by hand but the masses won’t be able as there is no generic tool available.

While not a true fix, it can at least add some speed bumps for now till MS can offer more robust DRM support. Of note, Tobias is still not sharing details on how FreeMarketplace works, so don't expect any nuggets there. In addition, what follows is strictly for developers, so non-techies will only glean a few interesting tid-bits.

Read: Getting a more secure Windows Phone 7 app

More →

Walking the fine line between black and white hat security, XDA member V@l€n has gone and posted a detailed "security whitepaper" on the state of app piracy in the Windows Phone Marketplace.

We almost hate to write on the topic since it will attract claims of supporting piracy,  but the fact is developers and Microsoft need to know just how vulnerable the platform is so that it can be improved on before it's a problem. And that's just it, right now there is no issue with app piracy for Windows Phone, but it is inching closer and once those few remaining hurdles are cleared, there will literally be a flood of pirated apps on the market.

But before we jump into all of that, lets detail exactly what is going on here. For better or worse, V@l€n has done a great job of outlining all the steps needed to make a ridiculous piracy campaign, showing all the necessary procedures that need to be cleared.

Follow us after the jump as we walk through this story...

More →

Although there have been reports of people porting over WP7 to the HTC HD2 and some chatter of people being able to make ROMs  (though not load them), there may yet be one final hurdle that could be very difficult to overcome: PVK.

PVK are the private keys Microsoft evidently uses to sign off on the OS that is also tied to the hardware. Specifically, some aspect of the OS looks for and then pulls these keys from the device motherboard for verification. If the keys cannot be found, the motherboard must be replaced or serviced. While elements of the phone/OS might still work without the PVK key, core elements such as Xbox, Marketplace, Windows Live or Zune...basically any "cloud service" will not.

The challenge to developers/hackers would be to circumvent this security, much like folks have managed to get around Microsoft's Genuine Software checker for Windows 7 and Office products. No easy task, we imagine.

In addition to  the above image,  there is an accompanying "Service Advisory" on one of the HTC internal sites that reads:


This Service Advisory aims to resolve invalid PVK or PVK missing issue for any returned WP7 units

Condition(s) to follow this service advisory:

1. When customer complains about can not access Microsoft services such as XBOX, Marketplace, Windows Live and Zune on the WP7 devices.

2. When ASP performs diagnostic program test, ASP needs to follow the below repair actions if the diagnostic program detects invalid or missing PVK.

    If the PVK is invalid or missing, there will be message on device as following when user try to login to Windows Live service.

    To all of this we say good on Microsoft for throwing down some serious security, but alas, the ROM community now has a challenge ahead of itself. Of course, this is probably more motivated by piracy concerns than ROM cookers, but we imagine Microsoft welcomes that as a wanted side effect as well. Combined with the Xbox Live security (see earlier coverage), cracking this OS wide open may be far off.

    Thanks, Conflipper, for the info

    More →